On Wed 13 Jul 2022 at 18:40:18 (-0400), Dan Purgert wrote:
> On Jul 13, 2022, rhkra...@gmail.com wrote:
> > I seem to have gone down a rabbit hole.
> >
> > I want(ed?) to set up ssh on my LAN using certificate authentication, and am
> > having a lot of trouble finding the information I need / would like to have.
>
> Which is what, exactly? Other than the "active mailing list" you
> mentioned in a snipped segment.
>
> SSH with cert-auth is pretty trivial to implement on most distros:
>
>  1. install openssh-server (if not already installed) on SERVER (the
>     machine you will connect to)
>  2. on the CLIENT (machine you will connect from), run ssh-keygen to
>     generate a new ssh keypair. For example -- ssh-keygen -t ed25519 -f
>     keyfile -- will generate a new ED25519-based keypair ("keyfile" and
>     "keyfile.pub").
>  3. copy the content of keyfile.pub to $HOME/.ssh/authorized_keys on the
>     SERVER machine
>  4. try logging into SERVER with your key (e.g. ssh -i keyfile
>     user@SERVER)
>
> For "best security" repeat steps 2-4 on all CLIENT machines to create
> individual client keys -- just make sure to APPEND to authorized_keys.

That's what I do, but that's /key/ authentication, not cert.
(Search for "certificate" in man ssh-keygen to see what's involved
with certificates.) I'm afraid I'm not up to speed on that topic.

Cheers,
David.
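
Added example, not part of either poster's message: the certificate workflow that man ssh-keygen describes, next to the key workflow quoted above. The CA file name, key ID, principal, validity period and the server-side file path are constructed assumptions.

```shell
#!/bin/sh
# Added example: OpenSSH user *certificates* (constructed names throughout).
# Plain key auth puts every keyfile.pub in authorized_keys on each SERVER;
# certificate auth has each SERVER trust one CA public key instead.

# make_ca DIR: create the CA key pair. Protect ca_key with a passphrase in
# real use; -N '' is only so this example runs unattended.
make_ca() {
    ssh-keygen -q -t ed25519 -N '' -C 'example-lan-user-ca' -f "$1/ca_key"
}

# issue_user_cert DIR KEY_ID PRINCIPAL VALIDITY
# Creates DIR/keyfile(.pub) as in step 2 of the quoted procedure, then signs
# keyfile.pub with the CA, writing DIR/keyfile-cert.pub.
issue_user_cert() {
    ssh-keygen -q -t ed25519 -N '' -f "$1/keyfile" &&
    ssh-keygen -q -s "$1/ca_key" -I "$2" -n "$3" -V "$4" "$1/keyfile.pub"
}

# cert_type FILE: first field of a .pub file; certificates carry a
# "-cert-v01@openssh.com" type, plain keys do not.
cert_type() {
    awk '{ print $1; exit }' "$1"
}

# cert_signed_by DIR: succeed only if keyfile-cert.pub names our CA's
# fingerprint as its signer.
cert_signed_by() {
    ca_fp=$(ssh-keygen -l -f "$1/ca_key.pub" | awk '{ print $2 }')
    [ -n "$ca_fp" ] &&
    ssh-keygen -L -f "$1/keyfile-cert.pub" | grep -F 'Signing CA:' | grep -qF "$ca_fp"
}

# Demo in a throwaway directory: issue a cert and print its contents.
demo_dir=$(mktemp -d)
make_ca "$demo_dir" &&
issue_user_cert "$demo_dir" 'user@CLIENT' user +52w &&
ssh-keygen -L -f "$demo_dir/keyfile-cert.pub"
rm -rf "$demo_dir"

# On SERVER (file path is an assumption), in sshd_config:
#   TrustedUserCAKeys /etc/ssh/user_ca.pub    # a copy of ca_key.pub
# On CLIENT: ssh -i keyfile user@SERVER  (ssh also loads keyfile-cert.pub)
```

With this setup nothing is appended to authorized_keys per client; the server accepts any unexpired certificate signed by the trusted CA whose principal list contains the login name.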