
Re: How about ssh certificates (was: Re: ssh-agent: I want to start using on all my remote hosts)



On 6/3/22 08:46, rhkramer@gmail.com wrote:
> On Friday, June 03, 2022 10:43:53 AM Tom Browder wrote:
> > I have been using ssh for logging in to my remote hosts for many years, but
> > I have NOT been using ssh-agent.
> 
> I'm intentionally not addressing your specific questions.
> 
> For me, your post is rather timely, because I'm digging into ssh and was
> trying to understand the different methods of authentication and trying to
> decide what was best for me.  (I have a SOHO with up to 5 nodes at a time (right
> now only 3).)
> 
> From some of my reading, ssh certificates seem to be highly recommended,
> although it has seemed difficult for me to get all the details I want.
> 
> The best resource I've found so far is:
> 
> https://betterprogramming.pub/how-to-use-ssh-certificates-for-scalable-secure-and-more-transparent-server-access-720a87af6617?gi=8a3ac1f658bc
> 
> One problem with that article is that it seems that there are about 3 blanks
> in it where, for example, the text mentions something like ~"use this command"
> and then there is a big blank spot.  (I've tried viewing the page in 2 to 4
> different browsers, depending on how you count them -- some older versions of
> firefox, a fairly recent version of firefox, and an older version of konqueror).
> 
> I've looked for a way to contact the author but haven't found anything so far.
> 
> Some of the advantages of certificates are (iiuc):
> 
>     * maybe a simpler setup, after you understand how to do it
> 
>     * easier to manage the keys / authentication (specifically, if you need to
> revoke permissions for a user you can do it in one place)
> 
>     * apparently the security can be somewhat better (maybe a result of the
> previous bullet, but I think some other things as well)
> 
>     * you can make the transition gradually -- you can keep the "old" public
> key authentication in place (and continue to use it when, where, and if
> needed) while you transition some server(s) and user(s) to certificates.
> 
> I thought I'd call your attention to this for your consideration -- perhaps
> with both of us investigating and asking questions as needed, we both might
> make quicker progress.
> 
> In any event, have a good day!


"Public key infrastructure" is large and complex; I am still climbing a subset of its many learning curves.


I own and recommend "TLS Mastery" by Michael W. Lucas:

https://mwl.io/nonfiction/networking#tls


David
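The quoted message lists the advantages of ssh certificates (one-place revocation, gradual migration alongside authorized_keys) but notes that the linked article's commands are missing. As an added example, not taken from any message in this thread, here is a minimal OpenSSH user-certificate workflow in POSIX shell; the CA name demo-ca, the user alice and all file paths are constructed for the demo, while TrustedUserCAKeys and RevokedKeys are the real sshd_config directives.

```shell
#!/bin/sh
# Added example (not from this thread): one CA key trusted by every server, a
# signed user key with limited principals and lifetime, and revocation in one
# place via a Key Revocation List (KRL). Names and paths are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 1. CA key pair, created once and kept offline; only ca.pub goes to servers.
make_ca() {
    ssh-keygen -q -t ed25519 -N '' -C 'demo-ca' -f "$WORK/ca"
}

# 2. Sign the user's public key. -I is the certificate identity (logged by
#    sshd at login), -n the login names allowed, -V the validity window.
#    Output is alice-cert.pub, which the client presents next to alice.
sign_user() {
    ssh-keygen -q -t ed25519 -N '' -C 'alice' -f "$WORK/alice"
    ssh-keygen -s "$WORK/ca" -I 'alice@laptop' -n alice -V +52w "$WORK/alice.pub"
}

# 3. sshd_config fragment: trust certificates from the CA and consult a KRL.
#    Plain authorized_keys keep working, so hosts and users migrate gradually.
sshd_fragment() {
    printf '%s\n' \
        'TrustedUserCAKeys /etc/ssh/demo_ca.pub' \
        'RevokedKeys /etc/ssh/revoked_keys.krl'
}

# 4. Revoke by adding the certificate to the KRL; distribute that one file
#    instead of editing authorized_keys on every host.
revoke_alice() {
    ssh-keygen -k -f "$WORK/revoked.krl" "$WORK/alice-cert.pub"
}

# Returns 0 when the KRL lists the certificate as revoked.
is_revoked() {
    ssh-keygen -Q -f "$WORK/revoked.krl" "$WORK/alice-cert.pub" | grep -q REVOKED
}

demo() {
    make_ca
    sign_user
    ssh-keygen -L -f "$WORK/alice-cert.pub" | grep -E 'Key ID|Valid'
    revoke_alice
    if is_revoked; then echo "alice-cert.pub: REVOKED by KRL"; fi
}
# Run the demo only where the OpenSSH client tools are installed.
command -v ssh-keygen >/dev/null 2>&1 && demo
```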

