Flexible, Secure SSH with DNSSEC
-
@anonymous said:
- It's braindead simple to manage authorized_keys in a central location using configuration management.
That's right, it is. And this is an example of that configuration management. He's complimenting the process but wording it like a complaint.
-
How would this affect a jumpbox?
-
OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013
This is the output from a fresh CentOS7 install. Seems to be at 6.1 alright?
-
Oh, needs to be 6.2
-
@anonymous said:
How would this affect a jumpbox?
It would make it easier to manage. All of the public side of the keys would be picked up through DNSSEC instead of pushing them out through custom scripts, Chef, Ansible or making users do it individually.
-
Upgrading OpenSSH to 6.2 seems like a pain. Anyone have an easy way to do it?
-
@anonymous said:
Upgrading OpenSSH to 6.2 seems like a pain. Anyone have an easy way to do it?
Wait until RHEL adds it?
-
Run Fedora?
-
@JaredBusch said:
@anonymous said:
Upgrading OpenSSH to 6.2 seems like a pain. Anyone have an easy way to do it?
Wait until RHEL adds it?
That should be CentOS 8
-
@scottalanmiller said:
@JaredBusch said:
@anonymous said:
Upgrading OpenSSH to 6.2 seems like a pain. Anyone have an easy way to do it?
Wait until RHEL adds it?
That should be CentOS 8
This is currently an emerging technology. So really, anyone trying to implement should NOT be expecting an easy way to do something.
-
Not yet, in a year or two, I'd expect it to get there.