CA unreachable means no renewals, but identity verification (login) is offline. As long as certs renewed fine, connection to the CA is not needed.
Comment on What is the best trategie to refresh ssh keys?
Anekdoteles@feddit.org 3 weeks agoSooo, CA unreachable means connection dead, which is a manageable risk. But giving a third party the authority over my SSH access sounds like a great way to make it convenient for state actors to invade my privacy.
mik@sh.itjust.works 3 weeks ago
AbidanYre@lemmy.world 3 weeks ago
I mean, the CA is also self hosted so I’m not sure what you think the extra attack vector is here.