Subj : Re: Chromium and self-signed certificates To : Lawrence D'Oliveiro From : bp@www.zefox.net Date : Sat Sep 07 2024 01:39:00 Lawrence D'Oliveiro wrote: > On Sun, 1 Sep 2024 22:49:42 -0000 (UTC), bp wrote: > >> Are the certificates and keys the same between SSH and TLS? > > The basic encryption algorithms may be the same, but the usage is a little > different. SSH has no concept of “certificates”, only of “host keys” > versus “user keys”. Each key is of course actually a key pair, consisting > of a public key (freely redistributable, but recipients need to be sure > they get them from a trusted source) and a corresponding private key > (never to be disclosed to anybody else). > > There is a file in your SSH client config called “known_hosts”, which > contains the public host keys of all the hosts you’ve previously connected > to; this is used to guard against somebody trying to impersonate any of > those hosts when you next try to connect. I was confusing host keys and server certificates. One more puzzle down. Your scripts seem to work on both FreeBSD and RasPiOS. Now to see if I can stumble through making them work between _between_ FreeBSD and RasPiOS. One obvious question is setting the "listen_addr" in the try_server script. Can it be set to "any" or a range by IP or FQEN? A list would be fine, I have only eight addresses total. Thank you! bob prohaska --- SoupGate-Win32 v1.05 * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3) .