Hacker News

dotwaffle, today at 6:18 AM

That's the point, though. An SSH key gives authentication, not authorization. Generally a certificate is a key signed by some other mutually trusted authority, which SSH explicitly tried to avoid.



simonjgreen, today at 8:00 AM

SSH does support certificate-based auth, and it's a great upgrade to grant yourself if you are responsible for a multi-human, single-user system. It grants revocation, short lifetime, and identity metadata for auditing, all with vanilla tooling that doesn't impose things on the target system.

_bernd, today at 10:28 AM

You can also sign SSH host keys with an SSH CA.

See ssh_config and ssh-keygen man-pages...
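
The certificate workflow mentioned in the replies above, as an added example that is not part of any comment in the thread: stock `ssh-keygen` issuing a one-hour user certificate with an audit identity, signing a host key, and revoking through a KRL. All names (alice, deploy, web1.example.com, serial 1001, file paths) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Constructed demo: every name below (alice, deploy, web1.example.com,
# file names, serial 1001) is an assumption made for illustration.
set -eu

make_keys() {   # $1 = scratch dir: two CAs, one user key, one host key
  for k in user_ca host_ca alice ssh_host_ed25519_key; do
    ssh-keygen -q -t ed25519 -N '' -C "$k" -f "$1/$k"
  done
}

sign_user() {   # short lifetime (-V), audit identity (-I), serial (-z)
  ssh-keygen -q -s "$1/user_ca" -I alice@example.com -n deploy \
    -V +1h -z 1001 "$1/alice.pub"            # writes alice-cert.pub
}

sign_host() {   # -h marks the result as a host certificate
  ssh-keygen -q -s "$1/host_ca" -h -I web1 -n web1.example.com \
    -V +52w "$1/ssh_host_ed25519_key.pub"
}

revoke() {      # $1 = KRL file to create, $2 = certificate to revoke
  ssh-keygen -q -k -f "$1" "$2" >/dev/null
}

is_revoked() {  # $1 = KRL, $2 = cert; -Q exits non-zero if revoked
  ! ssh-keygen -Q -f "$1" "$2" >/dev/null 2>&1
}

cert_info() { ssh-keygen -L -f "$1"; }   # identity, serial, validity

demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
make_keys "$demo"; sign_user "$demo"; sign_host "$demo"
cert_info "$demo/alice-cert.pub"
revoke "$demo/revoked.krl" "$demo/alice-cert.pub"
is_revoked "$demo/revoked.krl" "$demo/alice-cert.pub" && echo "alice: revoked"

# Server side (sshd_config), paths are placeholders:
#   TrustedUserCAKeys /etc/ssh/user_ca.pub
#   RevokedKeys       /etc/ssh/revoked.krl
#   HostCertificate   /etc/ssh/ssh_host_ed25519_key-cert.pub
# Client side (known_hosts), so signed hosts are trusted without TOFU:
#   @cert-authority *.example.com <contents of host_ca.pub>
```

The target account needs no per-person `authorized_keys` entries; the Key ID set with `-I` is what sshd records in its log when the certificate is used.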