nbeguier / cassh

SSH CA administration via CLI and GUI
https://medium.com/leboncoin-engineering-blog/cassh-ssh-key-signing-tool-39fd3b8e4de7
Apache License 2.0
73 stars 20 forks

How to deploy CA files to ssh servers. #80

Closed mattrose closed 4 years ago

mattrose commented 5 years ago

So, I have set up the cassh server, and created a key, but I have no idea how to deploy the files necessary to be able to use my newly created and signed key on an SSH server.

Could somebody write up some quick instructions on the following:

  1. What files are necessary to copy from either the CASSH server or the CASSH client to the remote SSH server?
  2. What sshd_config configuration options need to be set for the remote SSH server to be able to authenticate the CASSH-signed key?

nbeguier commented 5 years ago

You need to copy the public CA certificate to the remote SSH server. For example: /etc/ssh/ca.pem

Add this line in the sshd_config:

TrustedUserCAKeys /etc/ssh/ca.pem

Restart the SSH server and it should work.

I'm available if you have other issues.
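
The two steps from the reply above (copy the CA public key, set TrustedUserCAKeys) as an added shell example; it is not part of the original thread and is not cassh project code. It assumes the CA public key is in the OpenSSH one-key-per-line format that sshd reads for TrustedUserCAKeys; the function names and KEY_RE are hypothetical.

```sh
#!/bin/sh
# Added example, not cassh project code. All paths are caller-supplied.
# Accepted CA key types (assumption: a plain RSA, ECDSA or Ed25519 CA key).
KEY_RE='^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/=]+'

# Succeeds only if the file holds OpenSSH public keys, one per line, so the
# CA private key can never be copied to an SSH server by mistake.
check_ca_pub() {
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    grep -Eq "$KEY_RE" "$1" || return 1                 # at least one key
    # No line other than blanks and comments may fail the key pattern.
    ! grep -Ev '^[[:space:]]*(#|$)' "$1" | grep -Evq "$KEY_RE"
}

# Set the global TrustedUserCAKeys directive exactly once. sshd keeps the first
# value it reads and scopes anything after a "Match" line to that block, so an
# existing global line is replaced and a new one goes before the first Match.
set_trusted_ca() {
    config=$1 ca_path=$2
    tmp=$(mktemp) || return 1
    if awk -v ca="$ca_path" '
        function emit() { if (!placed) { print "TrustedUserCAKeys " ca; placed = 1 } }
        { kw = tolower($1) }                       # keywords are case-insensitive
        kw == "trustedusercakeys" && !in_match { emit(); next }
        kw == "match" { emit(); in_match = 1 }
        { print }
        END { emit() }
    ' "$config" > "$tmp"; then
        cat "$tmp" > "$config"; rc=$?               # keeps owner and mode
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage (as root): deploy_ca ca.pub /etc/ssh/ca.pem /etc/ssh/sshd_config
deploy_ca() {
    src=$1 dest=$2 config=$3
    check_ca_pub "$src" || { echo "not a public key file: $src" >&2; return 1; }
    install -m 0644 "$src" "$dest" || return 1
    cp -p "$config" "$config.bak" || return 1
    set_trusted_ca "$config" "$dest" || return 1
    # Validate before restarting sshd; roll back if the config is rejected.
    sshd -t -f "$config" || { cp -p "$config.bak" "$config"; return 1; }
}
```

deploy_ca stops after validating the configuration; restarting sshd is left to the operator because the service name differs between distributions.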