tyler.durden
/
Win32-OpenSSH
mirror of https://github.com/PowerShell/Win32-OpenSSH.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Created Certificate Authentication (markdown)

Manoj Ampalam 2017-10-02 17:46:24 -07:00
parent 046270cbe4
commit 448e8c1276
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
Certificate-Authentication.md Normal file

@ -0,0 +1,17 @@
#### Setup SSHD server for certificate based user authentication
- Generate CA keys (just like any other keys)
- `ssh-keygen -t rsa -f ca_userkeys`
- Register above key as trusted CA for sshd. Add following entry in sshd_config
- `TrustedUserCAKeys ca_userkeys.pub`
- Path above is relative to sshd binaries directory. Absolute path is recommended to avoid confusion
At this point, server can accept any user certificates signed using ca_userkeys and there is no need to explicitly map user keys in authorized_keys
#### Signing user keys
- sign user keys using ssh-keygen
- `ssh-keygen.exe -s ca_userkeys -I cert_identity -V -1w:+54w5d -n username id_rsa.pub`
- `username` should match the user to be authenticated