On Fri, Jul 15, 2022 at 12:32:35PM -0000, Curt wrote:
> On 2022-07-14, Dan Ritter <dsr@randomstring.org> wrote:
> >
> > If you've got a very large organization, you may want to support
> > the infrastructure to generate new SSH certs for people daily,
> > with expiration dates of 24 hours. Then you need to make sure
> > that mechanism is working perfectly and has appropriate
> > redundancy, so that you don't accidentally lock out the whole
> > organization tomorrow.
>
> The question I ask myself preliminarily, before delving further into
> the matter, is whether certificate-based SSH authentication is
> appropriate for a home LAN with three users.

Definitely not.

OTOH -- would you like those managing your thousand-plus hosts and
tens of thousands of IDs to learn "on the living organism"?

Cheers
--
t