by michaelt
795 days ago
> To deal with the “untrust” issue it’s normal for operations with an SSH CA to rely on (very) short-lived certificates, meaning often issued and valid for < 24 hours (it’s configurable, I’ve seen this be as short as 30 minutes).

So you want a way to get rid of long-lived SSH certificates, instead authenticating users with your corporate single-sign-on system then issuing them a temporary credential? And presumably you've got some audit logs, so you know who connected to what, when and why. Perhaps a familiar command line tool, that makes temporary credential rotation easy for users? Perhaps some paperwork to hand to your SOC2 compliance auditors? I mean, this is sounding a lot like tailscale ssh, teleport, and suchlike...