On Friday, June 03, 2022 10:43:53 AM Tom Browder wrote:
> I have been using ssh for logging in to my remote hosts for many years, but
> I have NOT been using ssh-agent.

I'm intentionally not addressing your specific questions.

For me, your post is rather timely, because I'm digging into ssh and was trying to understand the different methods of authentication and trying to decide what was best for me. (I have a SOHO with up to 5 nodes at a time (right now only 3).)

From some of my reading, ssh certificates seem to be highly recommended, although it has seemed difficult for me to get all the details I want. The best resource I've found so far is:

https://betterprogramming.pub/how-to-use-ssh-certificates-for-scalable-secure-and-more-transparent-server-access-720a87af6617?gi=8a3ac1f658bc

One problem with that article is that it seems that there are about 3 blanks in it where, for example, the text mentions something like ~"use this command" and then there is a big blank spot. (I've tried viewing the page in 2 to 4 different browsers, depending on how you count them -- some older versions of firefox, a fairly recent version of firefox, and an older version of konqueror.) I've looked for a way to contact the author but haven't found anything so far.

Some of the advantages of certificates are (iiuc):

* maybe a simpler setup, after you understand how to do it
* easier to manage the keys / authentication (specifically, if you need to revoke permissions for a user you can do it in one place)
* apparently the security can be somewhat better (maybe a result of the previous bullet, but I think some other things as well)
* you can make the transition gradually -- you can keep the "old" public key authentication in place (and continue to use it when, where, and if needed) while you transition some server(s) and user(s) to certificates.

I thought I'd call your attention to this for your consideration -- perhaps with both of us investigating and asking questions as needed, we both might make quicker progress.

In any event, have a good day!
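
The certificate workflow this message describes (one CA, revocation in one place, public-key login left in place), as an added example that is not part of the original message or the linked article. The user names, key IDs and sshd_config paths are assumptions; everything is generated in a temporary directory with standard ssh-keygen options.

```shell
#!/bin/sh
# Added example: constructed names (alice, bob, demo CA); all files live in a temp dir.
set -eu
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT

# 1. One CA key pair. Servers only ever need the public half (user_ca.pub).
ssh-keygen -q -t ed25519 -N '' -C 'demo user CA' -f "$demo/user_ca"

# 2. Sign a user's public key: key ID, one principal (login name),
#    a one-week lifetime and a unique serial number.
issue_cert() {  # usage: issue_cert <user> <serial>
  ssh-keygen -q -t ed25519 -N '' -C "$1@demo" -f "$demo/id_$1"
  ssh-keygen -q -s "$demo/user_ca" -I "$1-laptop" -n "$1" -V +1w -z "$2" \
    "$demo/id_$1.pub"          # writes id_<user>-cert.pub next to the key
}
issue_cert alice 1
issue_cert bob 2

# 3. Revoke alice in one place: a key revocation list (KRL) file.
ssh-keygen -q -k -f "$demo/revoked.krl" "$demo/id_alice-cert.pub"

# Succeeds (exit 0) when the KRL marks the given certificate as revoked.
is_revoked() {
  ssh-keygen -Q -f "$demo/revoked.krl" "$1" 2>/dev/null | grep -q 'REVOKED$'
}

# Prints the principals (allowed login names) recorded in a certificate.
cert_principals() {
  ssh-keygen -L -f "$1" |
    awk '/Principals:/{p=1;next} /Critical Options:/{p=0} p{print $1}'
}

# 4. Server side, in sshd_config (paths are assumptions). AuthorizedKeysFile
#    stays as it is, so plain public-key logins keep working meanwhile:
#      TrustedUserCAKeys /etc/ssh/user_ca.pub
#      RevokedKeys       /etc/ssh/revoked.krl
for u in alice bob; do
  if is_revoked "$demo/id_$u-cert.pub"; then s=REVOKED; else s=ok; fi
  echo "$u: principals=$(cert_principals "$demo/id_$u-cert.pub") status=$s"
done
```

On a real server the KRL and the CA public key are the only two files that change hands; the CA private key stays off the servers.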