ssh certificate usage

Hans postbus111 at
Wed Apr 28 04:49:19 EST 2010

I am trying to find out how I can use the new self-signed certificates.
So what I read in the man pages, it should be something like:

1) ssh-keygen -f ca_rsa	  # generate a ssh keypair for use as a certificate

2) make sure your /etc/ssh/sshd_config has TrustedUserCAKeys assigned
TrustedUserCAKeys  /etc/ssh/sshcakeys       # or whatever name or location you like

3) edit /etc/ssh/sshcakeys and add the contents of in it

4) for a user generate a certificate of its public key
  ssh-keygen -s ca_rsa -I keyid -n user
This will generate a certificate file

5) ssh user@server        # connect to server using the certificate

Is this correct or did I miss something ?

Is it also possible to disable the plain public key authentication and
only accept certificate authentication (can't find an option for this
in sshd_config)
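
The key and certificate steps from the post, run in a scratch directory and then checked with `ssh-keygen -L`. This is an added example, not part of the original message. Assumptions: the user key name `id_user`, the one-year validity (`-V +52w`), and that the file named by TrustedUserCAKeys holds the CA's public key (`ca_rsa.pub`).

```shell
#!/bin/sh
# Added example (not from the original post). ca_rsa, keyid, user and
# sshcakeys follow the post; id_user and the validity period are assumptions.

make_user_cert() {
    dir=$1
    # Step 1: CA keypair. The private half signs certificates and stays offline.
    ssh-keygen -q -t rsa -b 3072 -N '' -f "$dir/ca_rsa" -C 'example user CA' || return 1
    # The user's own keypair (hypothetical name id_user).
    ssh-keygen -q -t ed25519 -N '' -f "$dir/id_user" -C 'example user key' || return 1
    # Step 4: sign the user's PUBLIC key. Writes id_user-cert.pub next to it.
    # -I is the key id logged by sshd, -n the principal (login name) allowed,
    # -V limits the lifetime (an addition here; the post's command has no -V).
    ssh-keygen -q -s "$dir/ca_rsa" -I keyid -n user -V +52w "$dir/id_user.pub" || return 1
    # Steps 2-3: the file TrustedUserCAKeys points at lists CA public keys.
    cp "$dir/ca_rsa.pub" "$dir/sshcakeys"
}

# Print the first principal listed in a certificate.
cert_principal() {
    ssh-keygen -L -f "$1" | awk '/Principals:/ {getline; print $1; exit}'
}

# Succeed only if the certificate's "Signing CA" fingerprint matches the
# fingerprint of the given CA public key file.
cert_signed_by() {
    ca_fp=$(ssh-keygen -l -f "$2" | awk '{print $2}')
    ssh-keygen -L -f "$1" | grep 'Signing CA:' | grep -qF "$ca_fp"
}

# Demo run: build everything in a temporary directory and show the certificate.
demo_dir=$(mktemp -d) &&
    make_user_cert "$demo_dir" &&
    ssh-keygen -L -f "$demo_dir/id_user-cert.pub"
rm -rf "$demo_dir"
```

With the certificate sitting beside the private key as `id_user-cert.pub`, `ssh -i id_user user@server` offers it automatically (step 5).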



More information about the openssh-unix-dev mailing list