On 1/10/2019 10:55 AM, Corey Minyard wrote: > It is unusual, perhaps, but I'm trying to implement something like ssh > does. I can't expect users of ser2net to obtain certificates from a > real certificate authority, that's too high a barrier for entry. I > want them to be able to generate a key pair, put the public key on the > server in their account, and authenticate against that.
Nobody said you needed a real certificate authority. You need a *trusted* certificate authority. You could put the user's self-signed certificate into their account as a trusted CA. However... it seems like you're reinventing ssh. Your replacement for ssh will likely require a custom client, which will be a pain in the neck for your users. Maybe you should start with an existing ssh library and hack it until it behaves the way you need. -- Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
