On 7/15/22 11:46 PM, J. Roeleveld wrote:
> Hmm... interesting. I will look into this.

:-)

> But, it needs the agent to be running, which will make it tricky for automation.

Why can't automation start an agent? Why can't there be an agent running that automation has access to?

> (I have some scripts that need to do things on different systems in a sequence for which this could help)

:-)

> I know, which is why I was investigating automating it. The passwords are too long to comfortably copy by hand.

I assume that you mean "type" when you say "copy".

> I will definitely investigate this. They sound interesting. I'd set the validity to a lot less if this can be automated easily.

Yes, it can be fairly easily automated.

One of the other advantages of SSH /certificates/ is when you flip things around and use a /host/ certificate. Clients can recognize that the target host's certificate is signed by the trusted SSH CA and not prompt for the typical Trust On First Use (TOFU) scenario. Thus you can actually leverage the target host SSH fingerprint and not need to ignore that security aspect like so many people do.

> Added to my research-list.

:-)



--
Grant. . . .
unix || die
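
The host certificate and the short-lived, automatable user certificate discussed in the message above, as an added example that is not part of the original e-mail. It uses a throwaway CA in a temporary directory; the host name web01.example.com, the login name deploy, the file names and the validity periods are constructed placeholders.

```shell
#!/bin/sh
# Added example: one SSH CA signs a host key and a short-lived user key.
# Every name and path below is a constructed placeholder.
set -e

# Create an unencrypted ed25519 key pair at path $1 with comment $2.
new_key() {
    ssh-keygen -q -t ed25519 -N '' -C "$2" -f "$1"
}

# Sign host public key $2 with CA key $1 for host name $3, valid 52 weeks.
# -h makes it a host certificate; the result is written to <key>-cert.pub.
sign_host() {
    ssh-keygen -q -s "$1" -h -I "host:$3" -n "$3" -V +52w "$2"
}

# Sign user public key $2 with CA key $1 for login $3, validity $4 (e.g. +5m).
sign_user() {
    ssh-keygen -q -s "$1" -I "user:$3" -n "$3" -V "$4" "$2"
}

# Print the known_hosts line that makes a client trust CA $1 for pattern $2,
# so hosts presenting a certificate from this CA do not trigger a TOFU prompt.
ca_known_hosts_line() {
    printf '@cert-authority %s %s\n' "$2" "$(cut -d' ' -f1,2 "$1.pub")"
}

# Print the certificate type ("... host certificate" or "... user certificate").
cert_type() {
    ssh-keygen -L -f "$1" | sed -n 's/^[[:space:]]*Type: //p'
}

demo() {
    dir=$(mktemp -d)
    new_key "$dir/ca" "demo CA"
    new_key "$dir/ssh_host_ed25519_key" "web01"
    new_key "$dir/id_deploy" "deploy"
    sign_host "$dir/ca" "$dir/ssh_host_ed25519_key.pub" web01.example.com
    sign_user "$dir/ca" "$dir/id_deploy.pub" deploy +5m
    ca_known_hosts_line "$dir/ca" '*.example.com' > "$dir/known_hosts"
    cert_type "$dir/ssh_host_ed25519_key-cert.pub"
    cert_type "$dir/id_deploy-cert.pub"
    echo "files in $dir"
}

demo
```

On a real server the host certificate is presented through the `HostCertificate` directive in sshd_config, and user certificates from the CA are accepted through `TrustedUserCAKeys`.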
