Just a side note, using SSSD you can query ssh keys stored in active directory, no need to copy ssh keys to each server. Using SSHFP DNS record the NO TOFU can be avoided. Thank you for the presentation 👍
why handling the public securely important? i got my private key secure and auotmstions handle deployment of public keys , doesn't matter how all matters it needs to end up in right place. public key can be public. also generating ssh keys by the user is one command experience
Just a side note, using SSSD you can query ssh keys stored in active directory, no need to copy ssh keys to each server.
Using SSHFP DNS record the NO TOFU can be avoided.
Thank you for the presentation 👍
We use ssh certs where I work. Very handy. Looking forward to implementing it in my next place...
Can I use SSH certs for communicating Ansible server over the Windows host (openssh) authentication?
why handling the public securely important? i got my private key secure and auotmstions handle deployment of public keys , doesn't matter how all matters it needs to end up in right place. public key can be public.
also generating ssh keys by the user is one command experience