1 Abstract

As there are two different certificates, there are two individual tasks in order to setup a hosts. If one would like to use only one certificate, execute the corresponding task.

2 Host Certificate

2.1 Sign host's public key

To enable certificate based login on a host, its public rsa key needs to be singed by the CA authority. TO do so copy the public rsa key 'ssh_host_rsa_key.pub' to the CA, signed it and copy the certificate back to the host. The resulting certificate is called 'ssh_host_rsa_key-cert.pub'.

2.1 Tell the SSH daemon about the certificate

To tell the SSH daemon about the certificate add the following configuration lines to the file '/etc/ssh/sshd_config'. The host sends this certificate to the client to identify itself as a trusted host.

...