To enable certificate based login on a host, the public rsa key ssh_host_rsa_key.pub needs to be signed. The resulting certificate is called ssh_host_rsa_key-cert.pub. To enable ssh based login two things are required on the host:
ssh_host_rsa_key-cert.pubyubikeyX.pubTo tell the SSH daemon about the certificate add the following configuration lines to the file /etc/ssh/sshd_config. In addition copy the certificate to the specified location. The host sends this certificate to the client to identify itsself as a trusted host.
### Host certificate HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub |