OpenSSH Certkey (PKI)

Daniel Lang dl at leo.org
Thu Nov 16 06:17:35 PST 2006


Hi Wolfgang,

Wolfgang S. Rupprecht wrote on Wed, Nov 15, 2006 at 04:53:55PM -0800:
[..]
> > +the responsibility of verifying host keys, and users do no longer need to
> > +maintain known_hosts files of their own.
              ^^^^^^^^^^^
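Review bot: the wording "users do no longer need to" on the second added line is ungrammatical; "users no longer need to maintain known_hosts files of their own" reads correctly. Both added lines concern verifying host keys and known_hosts only, so it would help readers if the text said outright that this sentence is about host verification.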
[..]
> I would hate to have my ssh allow anyone in just because we used the
> same CA.  I still see the authorized_keys file as having a very
> important role even if the first layer defense is to check if the
> certificate is signed by a CA I trust.
[..]

Are you, by any chance, mixing up "known_hosts" and "authorized_keys"?

Cheers,
 Daniel


More information about the freebsd-current mailing list