On 7/15/22 05:32, Curt wrote:
The question I ask myself preliminarily, before delving further into
the matter, is whether certificate-based SSH authentication is
appropriate for a home LAN with three users.
+1
I decided SSH with publickey authentication and passphrase keys were
plenty for
On Friday, July 15, 2022 08:49:01 AM to...@tuxteam.de wrote:
> On Fri, Jul 15, 2022 at 12:32:35PM -, Curt wrote:
> > The question I ask myself preliminarily, before delving further into
> > the matter, is whether certificate-based SSH authentication is
> > appropriate for a home LAN with three
Thanks for the response, and to dsr as well. I won't really ask a question
here, but I will make some comments -- not sure how / where to fit them in --
will try to intersperse below. Or maybe I'll just top post them here:
Surprise 2:
Another surprising thing to me (with the evolution of the
On Fri, Jul 15, 2022 at 12:32:35PM -, Curt wrote:
> On 2022-07-14, Dan Ritter wrote:
> >
> > If you've got a very large organization, you may want to support
> > the infrastructure to generate new SSH certs for people daily,
> > with expiration dates of 24 hours. Then you need to make sure
> >
On 2022-07-14, Dan Ritter wrote:
>
> If you've got a very large organization, you may want to support
> the infrastructure to generate new SSH certs for people daily,
> with expiration dates of 24 hours. Then you need to make sure
> that mechanism is working perfectly and has appropriate
> redunda
to...@tuxteam.de wrote:
> See, asymmetrical encryption (e.g. RSA, Elliptic Curve) is far too expensive
> to use on bulk data, so it typically is used to encrypt a key (generated on
> the spot), called "session key". The latter is used to symmetrically (e.g.
> AES) encrypt the bulk data. You use th
On Thu, Jul 14, 2022 at 08:01:19PM -0400, rhkra...@gmail.com wrote:
[...]
> I'll probably start with a post to describe one of the most surprising things
> I learned about ssh so far -- to jump ahead and spoil it, it turns out that
> public key encryption is not used for the exchange of the rea
On Thu 14 Jul 2022 at 10:00:29 (-0400), Frank Pikelner wrote:
> SSH certificate authentication is not complicated and has many
> advantages. Some organizations use SSH certificates to provide limited
> access for admins to servers. In my opinion using SSH certificates is
> preferred to just using
Intentionally top posting.
Thanks for the reply!
I'm thinking of two or three paths forward -- one is to give up on this, but
I've invested a lot of calandar days (and non-"spare" manhours so far, so I
don't want to do that.
Another is to make another pass through some of what I consider the b
On 7/14/22 09:59, rhkra...@gmail.com wrote:
On Wednesday, July 13, 2022 07:58:14 PM David Christensen wrote:
Buy and read "TLS Mastery" by Lucas:
https://mwl.io/nonfiction/networking#tls
Replying off list intentionally: AFAIK, TLS doesn't have much, if anything, to
do with ssh certificates.
On Wednesday, July 13, 2022 07:09:33 PM Jeremy Ardley wrote:
> I understand that certificate based SSH authentication has problems with
> overall security management on a network. Password only has similar
> problems.
I'm not sure it has any more problems than ssh public key authentication,
maybe
On Thu, Jul 14, 2022 at 08:55:34AM -0400, rhkra...@gmail.com wrote:
>
>
> dsr, Thanks for the reply!
>
> Like I said, I think I went down a rabbit hole, and I wish I had realized
> that
> before I went there.
As someone else said, I agree that the certificate way is quite a bit more
complex t
On Thu, Jul 14, 2022 at 8:56 AM wrote:
>
>
>
> dsr, Thanks for the reply!
>
> Like I said, I think I went down a rabbit hole, and I wish I had realized that
> before I went there.
>
> I've invested quite a few calendar days (and "spare" manhours) in trying to
> figure this out, so I'm not quite r
dsr, Thanks for the reply!
Like I said, I think I went down a rabbit hole, and I wish I had realized that
before I went there.
I've invested quite a few calendar days (and "spare" manhours) in trying to
figure this out, so I'm not quite ready to give up.
I do have some ideas (an idea) for an
Dan Purgert wrote:
> On Jul 13, 2022, David Wright wrote:
> > On Wed 13 Jul 2022 at 18:40:18 (-0400), Dan Purgert wrote:
> > > On Jul 13, 2022, rhkra...@gmail.com wrote:
> > > > I seem to have gone down a rabbit hole.
> > > >
> > > > I want(ed?) to set up ssh on my LAN using certificate authentic
On Jul 13, 2022, David Wright wrote:
> On Wed 13 Jul 2022 at 18:40:18 (-0400), Dan Purgert wrote:
> > On Jul 13, 2022, rhkra...@gmail.com wrote:
> > > I seem to have gone down a rabbit hole.
> > >
> > > I want(ed?) to set up ssh on my LAN using certificate authentication, and
> > > am
> > > havi
On 7/13/22 13:11, rhkra...@gmail.com wrote:
I seem to have gone down a rabbit hole.
I want(ed?) to set up ssh on my LAN using certificate authentication, and am
having a lot of trouble finding the information I need / would like to have.
I won't go into much detail now, but I didn't realize how
On Wed 13 Jul 2022 at 18:40:18 (-0400), Dan Purgert wrote:
> On Jul 13, 2022, rhkra...@gmail.com wrote:
> > I seem to have gone down a rabbit hole.
> >
> > I want(ed?) to set up ssh on my LAN using certificate authentication, and
> > am
> > having a lot of trouble finding the information I need
On 14/7/22 6:40 am, Dan Purgert wrote:
On Jul 13, 2022, rhkra...@gmail.com wrote:
I seem to have gone down a rabbit hole.
I want(ed?) to set up ssh on my LAN using certificate authentication, and am
having a lot of trouble finding the information I need / would like to have.
Which is what, ex
On Jul 13, 2022, rhkra...@gmail.com wrote:
> I seem to have gone down a rabbit hole.
>
> I want(ed?) to set up ssh on my LAN using certificate authentication, and am
> having a lot of trouble finding the information I need / would like to have.
Which is what, exactly? Other than the "active mai
I seem to have gone down a rabbit hole.
I want(ed?) to set up ssh on my LAN using certificate authentication, and am
having a lot of trouble finding the information I need / would like to have.
I won't go into much detail now, but I didn't realize how big a subject ssh
is, and although I'm find
21 matches
Mail list logo
