<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 1/10/2019 10:55 AM, Corey Minyard
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:866074a5-055f-a97c-f233-2c7dae338338@acm.org">It is
unusual, perhaps, but I'm trying to implement something like ssh
does. I can't expect users of ser2net to obtain certificates from
a real certificate authority, that's too high a barrier for
entry. I want them to be able to generate a key pair, put the
public key on the server in their account, and authenticate
against that.
</blockquote>
<p>Nobody said you needed a real certificate authority. You need a
*trusted* certificate authority.</p>
<p>You could put the user's self-signed certificate into their
account as a trusted CA.</p>
<p>However... it seems like you're reinventing ssh. Your
replacement for ssh will likely require a custom client, which
will be a pain in the neck for your users. Maybe you should start
with an existing ssh library and hack it until it behaves the way
you need.<br>
</p>
<pre class="moz-signature" cols="72">--
Jordan Brown, Oracle ZFS Storage Appliance, Oracle Solaris</pre>
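<p>The suggestion above, sketched with the openssl command line as an
added example that is not part of the original message: the
self-signed certificate stored in the account is the only trust
anchor, so a different self-signed certificate with the same subject
name is rejected. The account name alice, the file layout and the
helper function names are constructed for illustration.</p>
<pre>
```shell
#!/bin/sh
# Added example, not code from the thread or from ser2net.
# Assumptions: account name "alice", a temp directory as the per-account
# store, and the helper names below are all constructed.

# Create a throwaway self-signed certificate and private key.
# $1 = directory, $2 = file stem, $3 = subject CN
make_user_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Accept a presented certificate only if it verifies against the single
# certificate stored in the account. -no-CApath keeps the system-wide
# CA directory out of the decision, so nothing else is trusted.
# $1 = certificate stored in the account, $2 = presented certificate
check_user_cert() {
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>/dev/null
}

# Returns 0 when the account's own certificate is accepted and an
# impostor certificate with the same subject name is rejected.
demo() {
    dir=$(mktemp -d) || return 1
    make_user_cert "$dir" alice alice || return 1
    make_user_cert "$dir" impostor alice || return 1
    rc=0
    # The certificate that was placed in the account verifies.
    check_user_cert "$dir/alice.crt" "$dir/alice.crt" || rc=1
    # Same CN, different key: must not verify.
    if check_user_cert "$dir/alice.crt" "$dir/impostor.crt"; then
        rc=1
    fi
    rm -rf "$dir"
    return $rc
}

if demo; then
    echo "own certificate accepted, same-name impostor rejected"
fi
```
</pre>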
</body>
</html>