
Another problem with SSH is that people remove the key check completely in automations since some services just rotate the keys without telling. Or for being lazy.



That's also solved with host CA. You can rotate the host keys, add new machines/keys however you want, and all that matters is whether the host keys are signed with a trusted CA, when you set up automation to trust that CA.


Yes, that would work.
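
An added example, not from the thread or any commenter: a small Python audit that flags automation lines which switch off SSH host key verification and checks whether a `@cert-authority` entry in `known_hosts` already covers the target host, which is the host CA setup described above. The script text, host names and key placeholder are constructed for illustration.

```python
import fnmatch
import re

# ssh_config(5) settings that switch off host key verification.
WEAK = re.compile(
    r'StrictHostKeyChecking[\s=]+"?(?:no|off)\b'
    r'|UserKnownHostsFile[\s=]+"?/dev/null',
    re.IGNORECASE,
)

def find_disabled_checks(text):
    """Return (line_number, setting) for each place verification is disabled."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):  # skip comments and the shebang
            continue
        for m in WEAK.finditer(line):
            hits.append((n, re.sub(r"[\s=]+", "=", m.group(0))))
    return hits

def ca_covers(host, known_hosts):
    """True if a @cert-authority line applies to host ('!' negates a pattern)."""
    for line in known_hosts.splitlines():
        f = line.split()  # marker, host patterns, key type, key, [comment]
        if len(f) < 4 or f[0] != "@cert-authority":
            continue
        pats = f[1].split(",")
        neg = any(p[0] == "!" and fnmatch.fnmatchcase(host, p[1:]) for p in pats)
        pos = any(p[0] != "!" and fnmatch.fnmatchcase(host, p) for p in pats)
        if pos and not neg:
            return True
    return False

# Constructed sample inputs (not from the thread); the key is a placeholder.
AUTOMATION = """\
#!/bin/sh
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null deploy@app1.example.com uptime
scp build.tar deploy@app2.example.com:/srv/
"""
KNOWN_HOSTS = "@cert-authority *.example.com,!legacy.example.com ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER_KEY host-ca\n"

if __name__ == "__main__":
    print(find_disabled_checks(AUTOMATION))
    print(ca_covers("app1.example.com", KNOWN_HOSTS))
```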



