Re: SSH resources, specifically on certificates (certificate authentication)

[rhkramer@gmail.com]

On Wednesday, July 13, 2022 07:09:33 PM Jeremy Ardley wrote:
> I understand that certificate based SSH authentication has problems with
> overall security management on a network. Password only has similar
> problems.

I'm not sure it has any more problems than ssh public key authentication, 
maybe even less, but that is part of what I'm trying to learn / determine.

> The correct solution seems to be a centrally managed authentication
> server but I haven't found any simple guide to implementing that in the
> Debian environment. Is there any useful tutorial available?

tomas makes one suggestion in a later post to this thread.

Another way that I think is along the lines you're talking about is referred 
to as gssapi (iirc) (at least in some of the man pages), of which Kerberos is 
one variety (iiuc) -- there are apparently other varieties.

I don't plan on digging into that. ;-)

-- 
rhk

If you reply: snip, snip, and snip again; leave attributions; avoid top 
posting; and keep it "on list".  (Oxford comma included at no charge.)  If you 
change topics, change the Subject: line. 

A picture is worth a thousand words -- divide by 10 for each minute of video 
(or audio) or create a transcript and edit it to 10% of the original.