by magmastonealex
739 days ago
There is a revocation system in place (the RevokedKeys directive in the sshd configuration file, which seems to be system-wide rather than configured at the user level. At least, that’s the only way I’ve used it). I agree with the sentiment though, it is far less extensive than traditional X.509 certificate infrastructure.
You are correct though, you can keep a list and deploy it to all the nodes for revocation purposes.
It's unfortunate that there's no RevokedKeysCommand to support building something like OCSP.
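
The list-based workflow discussed in this thread, as an added example that is not part of either comment: it builds an OpenSSH key revocation list (KRL) with `ssh-keygen -k`, queries it with `ssh-keygen -Q`, and extends it with `-u`. The function names, key comments and the `/etc/ssh/revoked_keys.krl` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: key files and comments are constructed; nothing here touches /etc/ssh.

# Revoke public keys in a binary KRL, creating the file or extending it with -u.
krl_revoke() {  # usage: krl_revoke <krl_file> <pubkey_file>...
    krl=$1; shift
    if [ -f "$krl" ]; then
        ssh-keygen -k -u -f "$krl" "$@" >/dev/null
    else
        ssh-keygen -k -f "$krl" "$@" >/dev/null
    fi
}

# Return 0 if the key is revoked. ssh-keygen -Q exits non-zero for a revoked
# key and also on error, so an unreadable KRL is treated as "revoked" (fail closed).
krl_is_revoked() {  # usage: krl_is_revoked <krl_file> <pubkey_file>
    if ssh-keygen -Q -f "$1" "$2" >/dev/null 2>&1; then return 1; fi
    return 0
}

krl_status() { if krl_is_revoked "$1" "$2"; then echo revoked; else echo ok; fi; }

# Walk through: revoke one key, check both keys, then extend the list.
krl_demo() {
    dir=$(mktemp -d) || return 1
    krl="$dir/revoked_keys.krl"
    ssh-keygen -q -t ed25519 -N '' -C constructed-alice -f "$dir/alice" || return 1
    ssh-keygen -q -t ed25519 -N '' -C constructed-bob -f "$dir/bob" || return 1
    krl_revoke "$krl" "$dir/alice.pub" || return 1
    a=$(krl_status "$krl" "$dir/alice.pub")
    b=$(krl_status "$krl" "$dir/bob.pub")
    krl_revoke "$krl" "$dir/bob.pub" || return 1
    b2=$(krl_status "$krl" "$dir/bob.pub")
    rm -rf "$dir"
    echo "alice=$a bob=$b bob_after_update=$b2"
}

# Deployment (not run here): copy the KRL to every node, point sshd at it in
# sshd_config (the path below is an assumption), and validate with `sshd -t`:
#     RevokedKeys /etc/ssh/revoked_keys.krl
# sshd_config(5): if this file is not readable, public key authentication is
# refused for all users, so install it atomically with readable permissions.
```

Calling `krl_demo` prints the revocation status of both constructed keys before and after the list is extended.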