Versions Compared

Old Version 16

changes.mady.by.user user-22c13

Saved on

compared with

New Version Current

changes.mady.by.user user-22c13

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • 'user based': The certificate is valid for one specific user on the client.

    Code Block
    languagebash
    SSH_CERTIFICATES=$HOME/.ssh/netdef
SSH_CONFIG=$HOME/.ssh/config
SSH_KNOWNHOSTS=$HOME/.ssh/known_hosts


  • 'global': The certificate is valid for each user on the client.

    Code Block
    languagebash
    SSH_CERTIFICATES=/etc/ssh/netdef
SSH_CONFIG=/etc/ssh/ssh_config
SSH_KNOWNHOSTS=/etc/ssh/ssh_known_hosts


2 -

...

Step 1 - Setup cert-authority

To setup the host certificate the public key of the CA authority is needed. There are three public keys called  'yubikey1.pub', 'yubikey2.pub' and 'yubikey3.pub'.

Add the following line to '$SSH_KNOWNHOSTS' where 'yubikeyX.pub' must be replaced with the public key stored in 'yubikeyX.pub'.

Code Block
languagebash
@cert-authority *.netdef.org `yubikey1.pub`
@cert-authority *.netdef.org `yubikey2.pub`
@cert-authority *.netdef.org `yubikey3.pub`

...

Client Certificate

Step 1 - Sign client's public key

...