SSH Certificate Authority Rocky Linux 8

Рет қаралды 10,441

Күн бұрын

Пікірлер: 26

@uttamkumarkumar3171 5 ай бұрын

Great tutorial n well explain demonstration. Solve d problem of host verification (The authenticity of host can't be established) whether it is Passwordless/pubkey authentication(ca->server1, server2) Or Password authentication(client->server1, server2) as the same private key of CA(cert-auth) sign the host rsa pub key of server1 n server2 n the public key of CA(cert-auth.pub) is specified in /etc/ssh/ssh-known-hosts of CA, client machine. Sir Best video, keep it up

@theurbanpenguin 4 ай бұрын

Thank you

@knight024 2 жыл бұрын

Vim has a built in auto-path completion (no plugins needed). Ctrl-X Ctrl-F then Ctrl-P (prev) and Ctrl-N (next) to cycle through the options in the directory, and repeat Ctrl-X Ctrl-F to keep drilling down into the directory structure. SUPER handy, it's a must know for using vim.

@knight024 2 жыл бұрын

You must do that in "Insert mode" not "Normal mode" btw

@theurbanpenguin 2 жыл бұрын

Thank you, did not know this 😀

@othernicksweretaken 2 жыл бұрын

Thanks for that hint, mate. I also had used the bang escape to shell globbing in vi ex mode, like the urban penguin showed in his video.

@Openwrt2023 3 жыл бұрын

Hi Andrew. Good to see you again. Chris from VMware.

@theurbanpenguin 3 жыл бұрын

Thanks Chris

@kamakshyanayak4058 3 жыл бұрын

Thanks... my colleagues would be watching this n finding very helpful...

@theurbanpenguin 3 жыл бұрын

Glad it was helpful!

@ПавелНовиков-п6ь 3 жыл бұрын

Good lessons, my appresiate, It would be very interesting to know about reverse process ,access to multiply host via one adding your key only to this one.

@kgchrome 2 жыл бұрын

are you planning on doing the other side of this with signed user keys??

@thienlory 5 ай бұрын

Hello, I have successfully configured the SSH daemon setup with certificate-based authentication. Currently, is there a way to load the client's private key and certificate onto a YubiKey? If you have any specific sources, please share them with me for further research. Thank you!

@drgr33nUK 3 жыл бұрын

Nice glasses! Little bit Dr.Robotnik.

@theurbanpenguin 3 жыл бұрын

😂

@othernicksweretaken 2 жыл бұрын

There is a species called _Brillenpinguin_ (Brille = glasses, spectacles) in German. It derives its name from a pink rim above its eyes, and is called _Cape_ or _Jackass_ _Penguin_ in English. It can be spotted on the beaches around the South African Cape. Rumor has it that Linus Torvalds was once bitten by such a beast.

@VipinKNarayanan 3 жыл бұрын

This concept confuses me, usually the client uses its private key to encrypt the connection and the server has the public key of the client in its authorized keys file, hence allows connection.

@theurbanpenguin 3 жыл бұрын

The public key of each individual server is in the certificate. The host certificate option in sshd ensures the certificate is presented to the client. The cert includes the public key of the server and ca. The ca is trusted by the client. This is the same as https. You don’t really believe that your browser contains every public key of every web server that exists today as well as those that will be deployed in the future

@VipinKNarayanan 3 жыл бұрын

@UCuLMvHqNz9f3LRimK6I6e5w I went through the process of converting my key based servers to certificate based to understand the concept, in short what I understood is there is host certificate which ensures I'm connecting to the correct server (No MITM, by authenticating the server) , no more comparing the fingerprint. And there is the user certificate which authenticates the user. Both host and client trust the CA hence trust the certificate signed by CA.

@ПавелНовиков-п6ь 3 жыл бұрын

@@VipinKNarayanan You are stronly right. I was confused as you at lesson's start. I thought that lesson was about ACCESS to many servers via THE ONE CA server. But this lessons is about simplifying HOST verification, NOT client ( defense against MITM, you are right , friend)