You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The sshd option TrustedUserCAKeys allows the specified CA file to contain multiple keys which makes rotating signing keys pretty easy. But if the signing key is compromised we should be able to revoke all certs by revoking the signing key - the sshd will automatically deny any cert signed with the revoked signing key.
This sounds easy enough to implement, but we don't currently record any data about the signing key and we probably should.
@patrickod I'm interested in your thoughts on this
The text was updated successfully, but these errors were encountered:
The sshd option
TrustedUserCAKeysallows the specified CA file to contain multiple keys which makes rotating signing keys pretty easy. But if the signing key is compromised we should be able to revoke all certs by revoking the signing key - the sshd will automatically deny any cert signed with the revoked signing key.This sounds easy enough to implement, but we don't currently record any data about the signing key and we probably should.
@patrickod I'm interested in your thoughts on this
The text was updated successfully, but these errors were encountered: