Overview
Explore the underutilized feature of SSH certificates in OpenSSH and learn how they can solve pain points for growing teams and infrastructure in this 45-minute conference talk from linux.conf.au 2020. Discover how hosts can trust a single public key of a trusted certificate authority instead of managing keys from multiple developers. Understand the benefits of expiring SSH certificates, their ability to control session permissions, and their role in minting new users on trusting hosts. Learn about implementing a self-service certificate authority using open-source tools, combining OAuth2, AWS credentials, and Lambda functions. Gain insights into topics such as Certificate Authority Private Keys, SSH Keygen Config, onboarding users, signing certificates, user provisioning, and managing backup keys. Delve into advanced concepts like Multi-Trust, Identity Agents, and Revocation Lists to enhance your understanding of Zero Trust SSH implementation.
Syllabus
Intro
Certificate Authority Private Key
SSH Keygen Config
Onboarding Users
Signing Certs
Shrimp
Certificates
User Provision
SSH as Jeremy
Backup Keys
Private Keys
MultiTrust
Bonus
Questions
Identity Agent
Revocation List
Taught by
linux.conf.au