Hi, I was looking at [1] which talks about how to leverage a CA for managing SSH access, and I thought it could be interesting for REX and potentially for foreman to manage.
In the post, they describe how they create different principles (groups - think hostgroups) for access, generating certificates with expatriation etc. Since we already have some of the certificate handling code (puppet ca, pulp / katello certs) I wonder if it make sense to generalize it and offer SSH certificates (and their management and possible an auditing system for their usage) offering? Ohad [1] https://code.facebook.com/posts/365787980419535/scalable-and-secure-access-with-ssh/ -- You received this message because you are subscribed to the Google Groups "foreman-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
