sammax | 3 years ago

I’ve set up an AuthorizedKeysCommand that uses unbound to get the authorized keys for the server via DNSSEC, with the ability to specify keys for whole servers, users on servers or globally for all servers. This is pretty neat for my few private boxes; I wouldn’t advise it for something bigger or enterprise, LDAP or similar seems better for that.

tptacek|3 years ago

People scaling SSH authorization tend to set up SSH CAs (either directly, or baked into some higher-level management solution). SSH CAs scale down nicely, as well.
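
A small SSH user CA of the kind the reply above refers to, sketched with stock OpenSSH `ssh-keygen`. This is an added example, not from either commenter; the principal `alice`, the key ID, the CA comment and the `/etc/ssh/user_ca.pub` path are constructed.

```shell
#!/bin/sh
# Added example: a minimal SSH user CA for a handful of hosts.
# All names and paths here are constructed for illustration.

# Create a CA key pair and a user key pair, then sign the user key.
# $1 = working directory, $2 = principal (login name the cert is valid for)
# Prints the path of the resulting certificate.
issue_user_cert() {
    dir=$1 principal=$2
    # CA key pair: the private half signs certificates and should stay offline.
    ssh-keygen -q -t ed25519 -N '' -C 'example-user-ca' -f "$dir/user_ca" || return 1
    # The user's ordinary key pair (normally generated on the user's machine).
    ssh-keygen -q -t ed25519 -N '' -C "$principal" -f "$dir/id_ed25519" || return 1
    # -I: key ID that sshd writes to its log on each login
    # -n: principals (account names) the certificate may log in as
    # -V: validity window; a short lifetime bounds the exposure of a leaked key
    ssh-keygen -q -s "$dir/user_ca" -I "$principal-laptop" -n "$principal" \
        -V +1h "$dir/id_ed25519.pub" || return 1
    # ssh-keygen writes the certificate next to the public key.
    echo "$dir/id_ed25519-cert.pub"
}

# Print the principals listed in a certificate, one per line,
# so an issued certificate can be audited before it is handed out.
cert_principals() {
    ssh-keygen -L -f "$1" | awk '
        /^ *Principals:/       { p = 1; next }
        /^ *Critical Options:/ { p = 0 }
        p { gsub(/^ +/, ""); print }'
}

# Server side: the only per-host state is the CA public key.
# $1 = path where the CA public key is installed (assumed location).
sshd_config_snippet() {
    printf 'TrustedUserCAKeys %s\n' "$1"
}

# Usage (not run on load):
#   d=$(mktemp -d); cert=$(issue_user_cert "$d" alice); cert_principals "$cert"
#   sshd_config_snippet /etc/ssh/user_ca.pub   # line to add to sshd_config
```

Each server needs only the CA public key and the `TrustedUserCAKeys` line; adding or removing a user then means issuing or letting expire a certificate rather than editing `authorized_keys` on every host.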