SSH certificates

Walter Parker walterp at gmail.com
Thu Nov 21 23:10:00 UTC 2019


>
>
> Message: 3
> Date: Thu, 21 Nov 2019 10:41:40 +0100
> From: Julien Cigar <julien at perdition.city>
> To: freebsd-questions at freebsd.org
> Subject: SSH certificates
> Message-ID: <20191121094140.GA1374 at p52s>
> Content-Type: text/plain; charset=utf-8
>
> Hello,
>
> I'd like to set up an automated mechanism to replace SSH keys and
> authorized_keys management with SSH certificates. Basically every member
> of the team who arrives in the morning should authenticate to an
> authority (some daemon in a very secure jail which implements a local CA
> + key sign) and should receive back a signed certificate with a validity
> period of x hours.
>
> After digging a little I found https://smallstep.com/certificates/
> and https://smallstep.com/cli/ (which aren't packaged BTW) but I'm
> wondering if there were other similar tools?
>
> Thanks!
>
> Julien
>
>
> --
> Julien Cigar
> Belgian Biodiversity Platform (http://www.biodiversity.be)
> PGP fingerprint: EEF9 F697 4B68 D275 7B11  6A25 B2BB 3710 A204 23C0
> No trees were killed in the creation of this message.
> However, many electrons were terribly inconvenienced.
>
>

Look at https://github.com/gravitational/teleport
(The source build should work on FreeBSD)

It is a full security gateway. It uses SSH certificates.

Or BLESS from Netflix
https://github.com/Netflix/bless

It uses an AWS Lambda function to sign SSH public keys.


Walter

-- 
The greatest dangers to liberty lurk in insidious encroachment by men
of zeal, well-meaning but without understanding.   -- Justice Louis D.
Brandeis
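
The workflow asked about in the quoted message (a CA that signs each user's public key for a few hours), as an added example using only stock OpenSSH `ssh-keygen`; it is not part of the thread and not code from Teleport, BLESS or smallstep. The file names, key ID, principal `alice`, the 8-hour validity standing in for "x hours", and the CA public key path in the final comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: short-lived SSH user certificates with plain ssh-keygen.
# All names, paths and principals here are constructed for illustration.
set -eu

# Create the CA key pair. In the setup described above, the private half
# would exist only inside the signing jail. $1 = directory
make_ca() {
    ssh-keygen -q -t ed25519 -N '' -C 'example-user-ca' -f "$1/user_ca"
}

# Sign a user's public key.
# $1 = CA directory, $2 = user public key, $3 = key ID (appears in sshd logs),
# $4 = principal (login name the cert is valid for), $5 = validity, e.g. +8h
sign_user_key() {
    ssh-keygen -q -s "$1/user_ca" -I "$3" -n "$4" -V "$5" "$2"
}

# Print the certificate fields (type, key ID, validity window, principals).
show_cert() {
    ssh-keygen -L -f "$1"
}

demo() {
    dir=$(mktemp -d)
    make_ca "$dir"
    # The user generates a key pair; only the .pub file goes to the CA.
    ssh-keygen -q -t ed25519 -N '' -C 'alice@example' -f "$dir/id_alice"
    sign_user_key "$dir" "$dir/id_alice.pub" 'alice-morning-login' alice +8h
    # ssh-keygen writes the certificate next to the key as id_alice-cert.pub;
    # ssh picks it up automatically when it sits beside the private key.
    show_cert "$dir/id_alice-cert.pub"
    rm -rf "$dir"
}

# Servers need no authorized_keys entries, only the CA public key, e.g. in
# sshd_config (path is an assumption):
#   TrustedUserCAKeys /etc/ssh/user_ca.pub

# Run as: sh ssh_cert_demo.sh demo
if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Once the validity window passes, sshd rejects the certificate without any change on the server, which is what removes the need to prune authorized_keys files.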

