
> ideally from a strong root of trust, like an IdP that does 2FA.

I understand the concepts, but how does this work in practice? Do you have an example of generating a short-expiry certificate from an IdP, such as Google?




You can do it directly with OpenSSH, no need for third-party software. There are many good blog articles / tutorials on the subject, e.g. search for "ssh ca certificate". Most people don't know that you can do this but it's actually quite easy.
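The OpenSSH-only CA workflow mentioned in the comment above, as an added example that is not part of the original thread. The names (`alice`, `ca_user_key`, the `alice-example` key id), the 8-hour validity and the file paths are assumptions chosen for illustration, and the IdP/2FA check that would gate the signing step is not shown.

```shell
#!/bin/sh
# Added example: short-lived SSH user certificates with plain OpenSSH.
# All names (alice, ca_user_key, alice-example, 8h) are constructed.

# issue_short_lived_cert WORKDIR PRINCIPAL VALIDITY
# Creates a throwaway CA and a user key in WORKDIR, signs the user key,
# and prints the certificate details as reported by `ssh-keygen -L`.
# Example call: issue_short_lived_cert "$(mktemp -d)" alice 8h
issue_short_lived_cert() {
    workdir=$1 principal=$2 validity=$3

    # Admin, once: create the CA key pair. In real use the private half
    # stays on the signing host, protected by a passphrase or hardware.
    ssh-keygen -q -t ed25519 -N '' -C 'example user CA' \
        -f "$workdir/ca_user_key" || return 1

    # User, once: an ordinary key pair; only the .pub file goes to the CA.
    ssh-keygen -q -t ed25519 -N '' -C "$principal" \
        -f "$workdir/id_ed25519" || return 1

    # Signing step, repeated whenever the old certificate has expired:
    #   -s  CA private key       -I  key id written to sshd's auth log
    #   -n  allowed login name   -V  validity window (now .. +VALIDITY)
    ssh-keygen -q -s "$workdir/ca_user_key" -I "$principal-example" \
        -n "$principal" -V "+$validity" "$workdir/id_ed25519.pub" || return 1

    # The result is id_ed25519-cert.pub next to the user's private key,
    # where ssh finds it automatically. Show what was issued:
    ssh-keygen -L -f "$workdir/id_ed25519-cert.pub"
}

# Server side, once per host (not executed here):
#   install ca_user_key.pub as /etc/ssh/ca_user_key.pub
#   sshd_config:  TrustedUserCAKeys /etc/ssh/ca_user_key.pub
# After that, no per-user authorized_keys entry is needed, and an expired
# certificate stops working without any cleanup on the servers.
```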


I did a bit of reading on the topic. But it is still unclear to me what the workflow is. What would a typical day look like for an admin and one of the users?


Vault can do something like this.



