Re: How about ssh certificates (was: Re: ssh-agent: I want to start using on all my remote hosts)

On Friday, June 03, 2022 10:43:53 AM Tom Browder wrote:
> I have been using ssh for logging in to my remote hosts for many years, but
> I have NOT been using ssh-agent.

I'm intentionally not addressing your specific questions.

For me, your post is rather timely, because I'm digging into ssh and was
trying to understand the different methods of authentication and trying to
decide what was best for me. (I have a SOHO with up to 5 nodes at time (right
now only 3.)

>From some of my reading, ssh certificates seem to be highly recommended,
although it has seemed difficult for me to get all the details I want.

The best resource I've found so far is:

I remember seeing that in the past. Note when I started my https://usafa-1965.org website in 2010 I plunged into creating ssl certificates for my classmates to log in painlessly. But it was a pain for me, although I built my CA with a hand-coded Perl set of programs which helped immensely. There are now better CA solutions (open source ones, too), but for my purposes I think the ssh-agent will be easier.

https://betterprogramming.pub/how-to-use-ssh-certificates-for-scalable-secure-
and-more-transparent-server-access-720a87af6617?gi=8a3ac1f658bc

One problem with that article is that it seems that there are about 3 blanks
in it where, for example, the text mentions something like ~"use this command"
and then there is a big blank spot. (I've tried viewing the page in 2 to 4
different browsers, depending on how you count them -- some older versions of
firefox, a fairly recent version of firefox, and an older version of konqueror).

I briefly looked at the article and didn't notice anything missing. Maybe if you could take some screen shots in those areas we could help.

-Tom