JP Mens2d ago

OpenSSH 5.4 was released on 2010-03-08, and that is when the project added support for certificate authentication of users and hosts using an OpenSSH certificate format (not X.509)

Why am I telling you this? Because I wanted to find out since when exactly I have been putting off actually experimenting with SSH certificates, and I can now with certainty say that as far as this topic is concerned I've been an idiot over the last 16 years!

Show threadPatrick Mevzek1d ago
@jpmens I find this a good enlightening past experiment with all sorts of nice properties: https://speakerdeck.com/rlewis/how-netflix-gives-all-its-engineers-ssh-access-to-instances-running-in-production (ephemeral certificates with a static CA) and hence https://github.com/Netflix/bless
How Netflix Gives All Its Engineers SSH Access To Instances Running In Production

One of the ways Netflix enables engineering velocity is with the Freedom and Responsibility culture that empowers individuals with the freedom to do wha…

Speaker Deck
Show threadJP Mens
@pmevzek thank you, I enjoy reading how/what others have done!
Mar 26 at 9:41pmToot!