Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-5985

ansible-sshd Manage SSH certificates

    • rhel-system-roles-1.23.0-2.18.el8
    • None
    • rhel-sst-system-roles
    • 20
    • 22
    • None
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • None
    • Feature
    • Hide
      .The `sshd` role now configures certificate-based SSH authentications

      With the `sshd` RHEL System Role, you can now configure and manage multiple SSH servers to authenticate by using SSH certificates. This makes SSH authentications more secure because certificates are signed by a trusted CA and provide fine-grained access control, expiration dates, and centralized management.
      Show
      .The `sshd` role now configures certificate-based SSH authentications With the `sshd` RHEL System Role, you can now configure and manage multiple SSH servers to authenticate by using SSH certificates. This makes SSH authentications more secure because certificates are signed by a trusted CA and provide fine-grained access control, expiration dates, and centralized management.
    • Done
    • None

      Goal

      • Deploy User CA on the system
      • Configure principals (optional)

      Reason:
      This allows you to configure and manage the SSH server to authenticate via certificates.
      Improves SSH authentication security: certificates have a validity period, unlike SSH keys.

      More information on SSH certificates is available here: Managing SSH Access at Scale with HashiCorp Vault.

      Result:
      The related documentation is available and an example can be found in examples/example-use-certificates.yml.

              rmeggins@redhat.com Richard Megginson
              spetros@redhat.com Sergei Petrosian
              Richard Megginson Richard Megginson
              David Jez David Jez
              Mirek Jahoda Mirek Jahoda
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

                Created:
                Updated:
                Resolved: