Re: OpenSSH Certkey (PKI)

From: Andre Oppermann <andre_at_freebsd.org>
Date: Fri, 17 Nov 2006 14:02:38 +0100
Bob Beck wrote:
> 
> 	I would think it would be nice if "CAL" had a way of
> saying "these are the ones to be revoked" so no shutdown, just
> propagate the bad one - but I'm talking to daniel offline about it..

That's easy.  echo "ab:cd:ef..." > /etc/ssh/blacklist

Or use a periodic rsync to do that.  Every pubkey fingerprint listed in it is
denied access.

-- 
Andre
Received on Fri Nov 17 2006 - 12:02:46 UTC
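
The fingerprint deny-list check described in the message above, as an added example that is not part of the original post and is not OpenSSH code. It assumes one colon-separated MD5 fingerprint per line (the "ab:cd:ef..." form), with `#` comments allowed; the function names and the sample key are constructed for illustration.

```python
import base64
import hashlib
import string
import struct


def md5_fingerprint(pubkey_line):
    """Colon-separated MD5 fingerprint of a 'type base64 [comment]' key line."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob starts with a length-prefixed copy of the key type; check it.
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len].decode("ascii") != key_type:
        raise ValueError("key type does not match key blob")
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def parse_blacklist(text):
    """Return the set of fingerprints, rejecting malformed entries.

    A truncated or mistyped entry would never match any key, so it is
    treated as an error rather than skipped silently.
    """
    entries = set()
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        octets = line.split(":")
        if len(octets) != 16 or any(
            len(o) != 2 or o.strip(string.hexdigits) for o in octets
        ):
            raise ValueError(f"line {number}: not an MD5 fingerprint")
        entries.add(line)
    return entries


def is_denied(pubkey_line, blacklist):
    """True when the key's fingerprint appears in the parsed blacklist."""
    return md5_fingerprint(pubkey_line) in blacklist


def constructed_key(seed):
    """Build a sample ssh-ed25519 public key line (constructed, not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name
    blob += struct.pack(">I", 32) + hashlib.sha256(seed).digest()
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"
```
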
