ssh certificate usage
Hans
postbus111 at gmail.com
Wed Apr 28 04:49:19 EST 2010
I am trying to find out how I can use the new self-signed certificates.
So from what I read in the man pages, it should be something like:
client:
1) ssh-keygen -f ca_rsa # generate a ssh keypair for use as a certificate
Server(s):
2) make sure your /etc/ssh/sshd_config has TrustedUserCAKeys assigned
TrustedUserCAKeys /etc/ssh/sshcakeys # or whatever name or location you like
3) edit /etc/ssh/sshcakeys and add the contents of ca_rsa.pub in it
Client:
4) for a user generate a certificate of its public key
ssh-keygen -s ca_rsa -I keyid -n user id_rsa.pub
This will generate an id_rsa-cert.pub certificate file
Client:
5) ssh user@server # connect to server using the certificate
Is this correct or did I miss something?
Is it also possible to disable the plain public key authentication and
only accept certificate authentication? (I can't find an option for this
in sshd_config.)
thx
Hans
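
An end-to-end run of steps 1, 3 and 4 above with a local check of the result, added here as an example and not part of the original post. The file names (ca_key, id_user, sshcakeys), the ed25519 key type and the one-hour validity are assumptions; all keys are throwaway keys created in the directory you pass in.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical file names:
# ca_key (CA keypair), id_user (user keypair), sshcakeys (trusted CA list).

# Steps 1, 3 and 4: create a CA key, list it as trusted, sign a user key.
make_demo_cert() {  # usage: make_demo_cert <dir>
    ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$1/ca_key" || return 1
    ssh-keygen -q -t ed25519 -N '' -C demo-user -f "$1/id_user" || return 1
    # Stand-in for the file that TrustedUserCAKeys points at on the server.
    cp "$1/ca_key.pub" "$1/sshcakeys" || return 1
    # Same form as the signing command in the post, plus a validity window
    # (-V) so the certificate expires on its own. Writes id_user-cert.pub.
    ssh-keygen -q -s "$1/ca_key" -I keyid -n user -V +1h "$1/id_user.pub"
}

# Print the principals (login names) the certificate is valid for, one per
# line, parsed from the "Principals:" section of `ssh-keygen -L`.
cert_principals() {  # usage: cert_principals <cert>
    ssh-keygen -L -f "$1" | awk '
        /^ *Critical Options:/ { in_p = 0 }
        in_p { gsub(/^[ \t]+/, ""); print }
        /^ *Principals:/ { in_p = 1 }'
}

# Succeed only if the certificate's "Signing CA" fingerprint is one of the
# keys in the trusted CA file. This is a local sanity check before rollout;
# sshd performs the real validation at login.
cert_trusted() {  # usage: cert_trusted <cert> <trusted-ca-keys-file>
    ca_fp=$(ssh-keygen -L -f "$1" | awk '/Signing CA:/ { print $4 }')
    [ -n "$ca_fp" ] &&
        ssh-keygen -l -f "$2" | awk '{ print $2 }' | grep -qxF -- "$ca_fp"
}
```

Call `make_demo_cert "$(mktemp -d)"` first, then run the two checks on the resulting id_user-cert.pub; a certificate whose principals do not include the login name, or whose signing CA is not in the trusted file, will not be accepted for that account.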