It would be nice to implement some sort of security measure allowing only specific hosts/clients to connect to devices.
Options:
- Perhaps the nameserver provides a service that authenticates individual certificates, and then securely provides a daily-generated certificate for connecting to new devices?
- All "approved" clients are required to generate an ssh key pair, the public key of which is stored on all computers hosting services (and/or the nameserver), verified before connecting
It would be nice to implement some sort of security measure allowing only specific hosts/clients to connect to devices.
Options: