1 - Abstract
As there are two different types of certificates, there are two individual tasks to set up a client.
- Host Certificate
- Client Certificate
If only one of the certificates is needed, execute only the corresponding subtask.
There are two different options to tell the ssh daemon about the certificate:
'user based' (recommended) or
- 'user based': The certificate is valid for one specific user on the client.
- 'global': The certificate is valid for each user on the client.
2 - Host certificate
Step 1 - Set up cert-authority
To set up the host certificate, the public key of the CA is needed. There are three public keys called
Add the following line to
'yubikeyX.pub' must be replaced with the public key stored in
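
An added example, not part of the original instructions: a Python check for the CA trust entry this step sets up. It assumes the entry is an OpenSSH `@cert-authority` line in a known_hosts file (per user `~/.ssh/known_hosts`, or system-wide `/etc/ssh/ssh_known_hosts`); the key, host patterns and function names are constructed for illustration.

```python
import base64

# Constructed sample: an all-zero ed25519 key standing in for the CA public key.
CA_BLOB = "AAAAC3NzaC1lZDI1NTE5AAAAI" + "A" * 43

def embedded_key_type(blob_b64):
    """Return the key type named inside an SSH public key blob."""
    raw = base64.b64decode(blob_b64, validate=True)
    n = int.from_bytes(raw[:4], "big")  # length prefix of the first wire string
    if n == 0 or 4 + n > len(raw):
        raise ValueError("bad length prefix")
    return raw[4:4 + n].decode("ascii")

def audit_known_hosts(text):
    """Return (trusted, findings) for the @cert-authority lines of a known_hosts text."""
    trusted, findings = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0] != "@cert-authority":
            continue  # comments, blank lines and ordinary host keys
        if len(fields) < 4:
            findings.append((lineno, "expected: @cert-authority <hosts> <type> <key>"))
            continue
        patterns, key_type, blob = fields[1], fields[2], fields[3]
        try:
            inner = embedded_key_type(blob)
        except ValueError as exc:  # also covers base64 and ASCII decode errors
            findings.append((lineno, f"undecodable key: {exc}"))
            continue
        if inner != key_type:
            findings.append((lineno, f"declared {key_type}, blob holds {inner}"))
            continue
        if patterns == "*":
            # Not an error, but this CA can then vouch for any host name.
            findings.append((lineno, "CA trusted for every host name"))
        trusted.append((patterns, key_type))
    return trusted, findings

# Constructed known_hosts content: one good entry and three that get flagged.
SAMPLE = "\n".join([
    "# constructed known_hosts content",
    "@cert-authority *.example.org ssh-ed25519 " + CA_BLOB + " constructed-ca",
    "@cert-authority * ssh-ed25519 " + CA_BLOB + " constructed-ca",
    "@cert-authority *.example.org ssh-rsa " + CA_BLOB,
    "@cert-authority *.example.org ssh-ed25519 not-base64!",
])
TRUSTED, FINDINGS = audit_known_hosts(SAMPLE)
```

A copy-paste error in the key line shows up here as a finding instead of as a failed host verification at connect time.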
3 - Client Certificate
Step 1 - Sign client's public key
The instructions for signing a client's public key can be found here.
The CA provides a zip file where all signed keys are stored.
Step 2 - Copy all certificates to netdef folder
Copy all certificates that can be found in the provided tar file to the folder
Step 3 - Edit the config file
Add the following lines to
. The name of the certificate as well as
' must be replaced with the correct file name and the correct path to the folder respectively.