by walrus01
3360 days ago
That, and the usage of unique per-device public/private X.509 PKI key pairs per client, for connection to the VPN. A typical person might have 3 sets of keys: a) laptop b) home office desktop c) Android or iOS device (phone/tablet). Then, of course, once connected to the VPN, to authenticate to SSH the person will probably be using their per-person SSH public/private key pair from their workstation. So we have the ability to revoke an individual client device's VPN keys separately. In the event of total compromise we can revoke both VPN keys for device(s) and the person's SSH key.
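The per-device revocation described in the comment above, as an added example that is not part of the original post: a throwaway CA issues three device certificates for one person, revokes only the laptop's, and checks each against the CRL. The comment names no VPN product, so the `openssl` CLI stands in for the VPN's PKI; the user `alice`, the CA name and all file names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed demo: one throwaway CA, three device certs for a hypothetical
# user "alice", revoke only the laptop, then check each cert against the CRL.
set -eu

demo_revoke_one_device() {
  local d; d=$(mktemp -d)
  (
    cd "$d"
    mkdir newcerts; : > index.txt; echo 1000 > serial; echo 1000 > crlnumber
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo
[ demo ]
database = ./index.txt
new_certs_dir = ./newcerts
serial = ./serial
crlnumber = ./crlnumber
certificate = ./ca.crt
private_key = ./ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
unique_subject = no
policy = pol
[ pol ]
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
    req() { openssl req -config ca.cnf -newkey rsa:2048 -nodes "$@" 2>/dev/null; }
    req -x509 -days 30 -subj "/CN=Demo VPN CA" -keyout ca.key -out ca.crt
    for dev in laptop desktop phone; do     # one key pair per device
      req -subj "/CN=alice-$dev" -keyout "$dev.key" -out "$dev.csr"
      openssl ca -batch -notext -config ca.cnf -in "$dev.csr" -out "$dev.crt" 2>/dev/null
    done
    openssl ca -config ca.cnf -revoke laptop.crt 2>/dev/null   # e.g. lost laptop
    openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null
    for dev in laptop desktop phone; do     # what a CRL-checking server would see
      if openssl verify -crl_check -CAfile ca.crt -CRLfile crl.pem "$dev.crt" >/dev/null 2>&1
      then echo "$dev accepted"; else echo "$dev rejected"; fi
    done
  )
  rm -rf "$d"
}
demo_revoke_one_device
```

Revocation only takes effect where the verifying side actually loads a current CRL, so the regenerated `crl.pem` has to reach the VPN server after every revoke.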