1 - Abstract

Certificate-based SSH authentication is superior to SSH keys in many ways:

2 - Repository

The following GitHub repository provides the code base to set up a Certification Authority and later sign the certificates.

https://github.com/jlangenegger/ssh_certificate/

3 - Setup

For the purposes of this explanation, let’s consider three systems:

4 - Certificates

Two different types of certificate are possible:

Here at NetDEF we use the client certificate only.

5 - Configuration

There are separate pages that guide you through the installation process for the Certificate Authority, the client and the host: