Hacker News new | past | comments | ask | show | jobs | submit login

He’s not talking about ssh keys, but ssh certs. As provided off the shelf by bless (Netflix), vault, step-ca, etc. they remove the burden of managing keys. For example you can give a single command a short-lived ssh cert that is only valid as long as the command takes to run and then expires.



For clarity, yes I did say certs. But even good old SSH keys are a million miles better than passwords.

I guess I should have said "Public Key Authentication" since that would be more reflective of a desirable baseline SSHD configuration.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: