Re: X.509 and ssh
- From: "Richard E. Silverman" <res@xxxxxxxx>
- Date: 12 Feb 2006 15:26:36 -0500
"DT" == Darren Tucker <dtucker@xxxxxxxxxxxxxxxx> writes:
DT> On 2006-02-12, Richard E. Silverman <res@xxxxxxxx> wrote:
>>>>>>> "DT" == Darren Tucker <dtucker@xxxxxxxxxxxxxxxx> writes:
DT> There's another option not mentioned, and it is a (proposed)
DT> standard: SSH fingerprints via DNS, RFC4255. It needs a secure
DT> DNS to be useful, and only helps with known hosts, though.
>> Good point; thanks. I'm not sure what you mean by "only helps
>> with known hosts," though; could you clarify?
DT> You can't use it to centralise, e.g., authorized_keys.
DT> To achieve the same effect as, e.g., Kerberos single sign-on you
DT> would still need to distribute authorized_keys files to the
DT> relevant servers.
Oh, you mean it doesn't help with user authentication. Yes; I was only
talking about server auth.
--
Richard Silverman
res@xxxxxxxx