by dozzie 3761 days ago
Accordingly: yes, yes, by using an appropriate cryptographic algorithm.
1 comments

I'm not saying one couldn't in theory implement that, but is that actually implemented? Is there any SSH server that accepts an X509 certificate and a client that accepts a database of CA root certs and checks the server cert?
> I'm not saying one couldn't in theory implement that, but is that actually implemented?

I'm not talking about theory here. I'm talking about what OpenSSH can do.

> Is there any SSH server that accepts an X509 certificate and a client that accepts a database of CA root certs and checks the server cert?

Actually, it may not be X.509 per se. I'm not sure if OpenSSH uses precisely X.509 PKI or if it rolls out its own CA implementation, because I don't use this function. I've read somewhere it's the latter case.