This is the purpose of the not so well known audience claim. Though I'd still pr... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		asmor on March 25, 2025 \| parent \| context \| favorite \| on: Open-sourcing OpenPubkey SSH (OPKSSH): integrating... This is the purpose of the not so well known audience claim. Though I'd still prefer to authenticate to something like Vault's SSH engine and get a very short lived SSH certificate instead. No new software to install on your servers, just the CA key.

c45y on March 25, 2025 [–]

CA key also allows those servers to avoid reaching out to some central location to validate which I've found to be a nice side bonus for disaster recovery type scenarios.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact