dotwaffle 6 hours ago
That's the point, though. An SSH key gives authentication, not authorization. Generally a certificate is a key signed by some other mutually trusted authority, which SSH explicitly tried to avoid.

simonjgreen 4 hours ago
SSH does support certificate based auth, and it’s a great upgrade to grant yourself if you are responsible for a multi human single user system. It grants revocation, short lifetime, and identity metadata for auditing, all with vanilla tooling that doesn’t impose things on the target system.

_bernd an hour ago
You can also sign ssh host keys with an ssh ca. See ssh_config and ssh-keygen man-pages...
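
The certificate workflow discussed in the comments above, as an added example that is not part of the thread: a throwaway CA signs a short-lived user certificate and a host certificate with stock `ssh-keygen`, then revokes the user certificate through a KRL. The names `alice`, `deploy`, `web1.example.org` and the serial numbers are constructed for the demo.

```shell
#!/bin/sh
# Added example: all names, principals and serials below are constructed.
set -eu

make_ca_and_certs() {
    d=$1
    # CA key pair. Servers trust ca.pub via TrustedUserCAKeys in sshd_config;
    # clients trust it via an "@cert-authority" line in known_hosts.
    ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$d/ca"
    ssh-keygen -q -t ed25519 -N '' -C alice -f "$d/alice"
    ssh-keygen -q -t ed25519 -N '' -C web1 -f "$d/host_key"

    # User cert: -I key ID (logged by sshd for auditing), -n allowed
    # principals, -V short lifetime, -z serial number used for revocation.
    ssh-keygen -q -s "$d/ca" -I alice@example.org -n deploy -V +8h \
        -z 1001 "$d/alice.pub"

    # Host cert: -h marks it as a host certificate, -n lists its hostnames.
    ssh-keygen -q -s "$d/ca" -h -I web1 -n web1.example.org -V +52w \
        -z 2001 "$d/host_key.pub"

    # Key revocation list (sshd_config RevokedKeys) revoking alice's cert.
    ssh-keygen -q -k -f "$d/revoked.krl" -s "$d/ca.pub" "$d/alice-cert.pub"
}

# Succeeds when the certificate appears in the KRL (-Q exits non-zero then).
is_revoked() {
    ! ssh-keygen -Q -f "$1" "$2" >/dev/null 2>&1
}

# Print one field of "ssh-keygen -L" output, e.g. "Key ID" or "Serial".
cert_field() {
    ssh-keygen -L -f "$1" | sed -n "s/^ *$2: *//p"
}

if ! command -v ssh-keygen >/dev/null 2>&1; then
    echo "ssh-keygen not found; skipping demo" >&2
    exit 0
fi

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_ca_and_certs "$work"
ssh-keygen -L -f "$work/alice-cert.pub"
is_revoked "$work/revoked.krl" "$work/alice-cert.pub" && echo "alice: revoked"
is_revoked "$work/revoked.krl" "$work/host_key-cert.pub" || echo "web1: ok"
```

The `ssh-keygen -L` output shows the key ID, serial, principals and validity window that the server evaluates and logs at login.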