Created Certificate Authentication (markdown)

2025-07-25 23:14:54 +02:00 · 2017-10-02 17:46:24 -07:00 · 2017-10-02 17:46:24 -07:00 · 448e8c1276
commit 448e8c1276
parent 046270cbe4
1 changed files with 17 additions and 0 deletions
--- a/Certificate-Authentication.md
+++ b/Certificate-Authentication.md
@ -0,0 +1,17 @@
+#### Setup SSHD server for certificate based user authentication
+- Generate CA keys (just like any other keys)
+  - `ssh-keygen -t rsa -f ca_userkeys`
+- Register above key as trusted CA for sshd. Add following entry in sshd_config
+  - `TrustedUserCAKeys ca_userkeys.pub`
+  - Path above is relative to sshd binaries directory. Absolute path is recommended to avoid confusion
+
+At this point, server can accept any user certificates signed using ca_userkeys and there is no need to explicitly map user keys in authorized_keys
+
+#### Signing user keys
+- sign user keys using ssh-keygen
+  - `ssh-keygen.exe -s ca_userkeys -I cert_identity -V -1w:+54w5d -n username id_rsa.pub`
+  - `username` should match the user to be authenticated
+
+
+
+