by
ryaan_anthony
2130 days ago
We use signed certs with authorized principals to manage access [1] and sign the certs after successful MFA. If you need a non-interactive connection, you can use token authentication to fetch a cert.
[1] https://engineering.fb.com/security/scalable-and-secure-acce...
client4
2130 days ago
Signed certs for SSH is IMHO the best solution for managing this problem in larger orgs. Nice to see Facebook published their process around it.
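Added example, not part of the thread or of the linked article: a simplified Python model of the authorization decision that signed certs with authorized principals rest on, parsing the OpenSSH user-certificate field layout and checking principals and the validity window. The key ID, principal names, timestamps and the sample blob are constructed, and CA signature verification (which sshd performs before any of this) is left out.

```python
import io, struct

CERT_TYPE = b"ssh-ed25519-cert-v01@openssh.com"

def _s(b):
    """Encode an SSH wire 'string': uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b

def build_sample_cert(key_id, principals, valid_after, valid_before):
    """Constructed sample blob in the OpenSSH cert field order (placeholder key/signature)."""
    return b"".join([
        _s(CERT_TYPE), _s(b"\x00" * 32), _s(b"\x11" * 32),  # type, nonce, public key
        struct.pack(">QI", 1, 1),                           # serial, type 1 = user cert
        _s(key_id), _s(b"".join(_s(p) for p in principals)),
        struct.pack(">QQ", valid_after, valid_before),
        _s(b""), _s(b""), _s(b""),                          # critical options, extensions, reserved
        _s(b"placeholder-ca-key"), _s(b"placeholder-signature"),
    ])

def read_string(stream):
    """Read one length-prefixed string, rejecting truncated input."""
    hdr = stream.read(4)
    if len(hdr) != 4:
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", hdr)
    data = stream.read(n)
    if len(data) != n:
        raise ValueError("truncated string")
    return data

def parse_cert(blob):
    r = io.BytesIO(blob)
    if read_string(r) != CERT_TYPE:
        raise ValueError("unsupported certificate type")
    read_string(r), read_string(r)                          # skip nonce and public key
    serial, cert_type = struct.unpack(">QI", r.read(12))
    key_id = read_string(r).decode()
    packed = read_string(r)                                 # principals: strings packed in a string
    pr, principals = io.BytesIO(packed), []
    while pr.tell() < len(packed):
        principals.append(read_string(pr).decode())
    valid_after, valid_before = struct.unpack(">QQ", r.read(16))
    return {"serial": serial, "type": cert_type, "key_id": key_id, "principals": principals,
            "valid_after": valid_after, "valid_before": valid_before}

def may_login(cert, authorized_principals, now):
    """Accept only a user cert, inside its validity window, naming an authorized principal."""
    if cert["type"] != 1 or not (cert["valid_after"] <= now < cert["valid_before"]):
        return False
    return bool(set(cert["principals"]) & set(authorized_principals))
```

A short validity window on the cert is what makes the MFA step meaningful: once `valid_before` passes, the key no longer authenticates and a fresh signing is needed.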