...
- provide the certificate such that the client can authentificate itsself authenticate its-self on the server side. To do so, the ssh daemon needs to knwo know where the certificate is stroed stored and that it is need to login to *.netdef.org
- provide the public host key such that the client can authenticate the host's certificate. This is done by adding a new entrie entry in the known_hosts file.
The certificates can be installed for a single user or for all users in a machine.
...