...
host certificate public key: There is one public key to authenticate servers.
yubikeyX.pub
...
Configuration paths
There are two different options to tell the ssh daemon about the certificate: 'user based' or 'global'.
'user based': The certificate is valid for one specific user on the client.
'global': The certificate is valid for each user on the client.
To work correctly there are two things that need to be done:
- provide the certificate such that the client can authenticate itself on the server side. To do so, the ssh daemon needs to know where the certificate is stored and that it is needed to log in to *.netdef.org.
- provide the public host key such that the client can authenticate the host's certificate. This is done by adding a new entry in the known_hosts file.
The certificates can be installed for a single user or for all users on a machine.
...
- each user on the client.
user based
SSH_CERTIFICATES=$HOME/.ssh/netdef
SSH_CONFIG=$HOME/.ssh/config
SSH_KNOWNHOSTS=$HOME/.ssh/known_hosts
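The two steps listed above, applied to the 'user based' paths, as an added example that is not part of the original page. The function name and the file names id_key and id_key-cert.pub are assumptions; the host certificate public key is passed in as a file.

```shell
#!/bin/sh
# Added example: idempotent 'user based' setup for *.netdef.org.
# Assumed names (not from the page): id_key, id_key-cert.pub, install_user_based.
# Usage:
#   install_user_based "$SSH_CERTIFICATES" "$SSH_CONFIG" "$SSH_KNOWNHOSTS" /path/to/yubikeyX.pub

install_user_based() {
    certs=$1; config=$2; known=$3; ca_pub=$4

    # Refuse to trust anything that does not look like an OpenSSH public key.
    [ -r "$ca_pub" ] || { echo "cannot read $ca_pub" >&2; return 1; }
    ca_key=$(head -n 1 "$ca_pub")
    case $ca_key in
        ssh-*\ *|ecdsa-*\ *|sk-*\ *) ;;
        *) echo "$ca_pub is not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Private directory for the certificate and its key.
    mkdir -p "$certs" "$(dirname "$config")" "$(dirname "$known")"
    chmod 700 "$certs"
    touch "$config" "$known"
    chmod 600 "$config"

    # Step 2: trust host certificates signed by this key, but only for
    # hosts matching *.netdef.org (the @cert-authority known_hosts marker).
    ca_line="@cert-authority *.netdef.org $ca_key"
    grep -qxF -- "$ca_line" "$known" || printf '%s\n' "$ca_line" >> "$known"

    # Step 1: present the user certificate only to *.netdef.org.
    if ! grep -qxF 'Host *.netdef.org' "$config"; then
        {
            printf 'Host *.netdef.org\n'
            printf '    IdentityFile %s/id_key\n' "$certs"
            printf '    CertificateFile %s/id_key-cert.pub\n' "$certs"
        } >> "$config"
    fi
}
```

Running it a second time leaves both files unchanged, so it is safe to call from a login script.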
...