Users need to be actively involved in the key generation and enrollment of user certificates in order to tie their identities to the certificates. Thus, user certificate enrollment is not centrally triggered via SSH Tectia Manager. Typically, user certificates are stored on hardware tokens such as smart cards or USB tokens. The certificate enrollment is performed either in person at the HR department (functioning as a registration authority, RA), or online with credentials provided by the HR department.