this post was submitted on 12 Jun 2023
3 points (100.0% liked)
Self Hosted - Self-hosting your services.
11230 readers
1 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules
- No harassment
- crossposts from c/Open Source & c/docker & related may be allowed, depending on context
- Video Promoting is allowed if is within the topic.
- No spamming.
- Stay friendly.
- Follow the lemmy.ml instance rules.
- Tag your post. (Read under)
Important
Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!
- Lemmy doesn't have tags yet, so mark it with [Question], [Help], [Project], [Other], [Promoting] or other you may think is appropriate.
Cross-posting
- !everything_git@lemmy.ml is allowed!
- !docker@lemmy.ml is allowed!
- !portainer@lemmy.ml is allowed!
- !fediverse@lemmy.ml is allowed if topic has to do with selfhosting.
- !selfhosted@lemmy.ml is allowed!
If you see a rule-breaker please DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Have you considered creating Certificates for your keys? The basic idea is that you have a master CA key pair which you use to sign all your actual keys with (ideally both use and host keys). Than you only add a CA entry for the CA to the authorized_keys and known_hosts on every machine and now, whenever you add a user or host, you only need to sign its keys and everything else trusts it automatically. Add a CRL for key revocation to solve the lost-keys-problem and not you should have everything you wanted. All of this comes out of the box with OpenSSH, no extra tools required.
This sounds interesting will read up on it.