ssh: Certificate authorities
- In increasing level of security:
  - Password = thing you know
  - Key = file (private key) you have
  - Certificate = key + time-limited connection to one or more principals (any token string really)
- Problem with keys
  - We employ "trust on first use", TOFU
    - Weak because people don't manually verify host/server public key fingerprints over a secondary channel
  - We don't have expiry
    - Key is valid so long as it's in authorized_keys
- A certificate authority, CA, is just a key pair
  - Use the CA to sign a given public key to produce a certificate
    - Associates the key + principals + other SSH config
    - Can have an expiry date
  - You can sign host keys or user keys (different flag for host)
  - Configure client and/or server to trust the CA public key so it does not need to have seen a particular key before (avoid
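
The signing and trust steps above, as an added example that is not part of the original notes. It builds a throwaway CA with `ssh-keygen`; the key names, principals, host name pattern and `/etc/ssh` paths are assumptions made up for illustration.

```sh
#!/bin/sh
# Added example: throwaway SSH CA. All names, paths and hostnames are constructed.
set -eu

# Create a CA key pair, then sign one user key and one host key with it.
make_demo_certs() {
  dir=$1
  # The CA is just a key pair; in practice its private half stays offline.
  ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$dir/ca"
  ssh-keygen -q -t ed25519 -N '' -C alice -f "$dir/id_alice"
  ssh-keygen -q -t ed25519 -N '' -C web1 -f "$dir/ssh_host_ed25519_key"
  # User cert: -I key id (logged by sshd), -n principals, -V expiry (8 hours).
  ssh-keygen -q -s "$dir/ca" -I alice-laptop -n alice,deploy -V +8h \
    "$dir/id_alice.pub"
  # Host cert: same command plus -h; the principal is the host name.
  ssh-keygen -q -s "$dir/ca" -h -I web1 -n web1.example.com -V +52w \
    "$dir/ssh_host_ed25519_key.pub"
}

# Print "user" or "host" from the Type line of `ssh-keygen -L`.
cert_type() {
  ssh-keygen -L -f "$1" | awk '/Type:/ { print $(NF-1) }'
}

# Client-side trust: one known_hosts line that accepts any host certificate
# signed by the CA for names matching the pattern, replacing TOFU prompts.
known_hosts_ca_line() {
  printf '@cert-authority %s %s\n' "$2" "$(cat "$1/ca.pub")"
}

# Server-side trust goes in sshd_config (paths are assumptions):
#   TrustedUserCAKeys /etc/ssh/ca.pub
#   HostCertificate   /etc/ssh/ssh_host_ed25519_key-cert.pub

demo() {
  d=$(mktemp -d)
  make_demo_certs "$d"
  ssh-keygen -L -f "$d/id_alice-cert.pub"    # shows principals and validity
  known_hosts_ca_line "$d" '*.example.com'
  rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Pass `demo` as the first argument to print the user certificate's fields and the generated `known_hosts` line.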
Published on: 25 Jun 2023