For those who haven’t read part 1 of this series, here’s a short summary: OpenSSH key-based authentication is divided into two parts; public key authentication and certificate authentication. Certificate authentication has a central CA, trusted by the hosts, which can issue certificates based on a users public key to provide short-lived or long-lived access to […]

Background This is something that’s been bugging me for a while now, and I’ve been searching far and wide for a solution. It’s not that none exist, here’s Jumpcloud, Keyfactor, ManageEngine, Operas ssh-key-authority, skm and many, many more SSH Key managers with varying amounts of control and authentication; not to speak of PAM tools like […]