Perhaps because of Tiny CA blog post there has been discussions github about the use of SSH certificates, for windows and posix-like OSes. I've been describing more or less how step ssh config works, how step ssh proxycommand works and how to configure it to use your oidc provider, ...
For windows users I've been pointing to microsoft docs on how to install OpenSSH and active the ssh-agent.
Our current turorials on smallstep.com/docs are focussed on X.509 rather than SSH. We need to add some docs there describing all the steps required, and how you can configure a client and a host properly.
And also add docs on how to configure the host if you don't have access to sshd_config. A user wants to use TinyCA to generate SSH certificatets, with help, his managed to generate SSH keys in yubikey and have that sign certificates, he wants to connect to HPC clusters with those certificates. Mike also helped with this.
Description
Perhaps because of Tiny CA blog post there has been discussions github about the use of SSH certificates, for windows and posix-like OSes. I've been describing more or less how step ssh config works, how step ssh proxycommand works and how to configure it to use your oidc provider, ...
For windows users I've been pointing to microsoft docs on how to install OpenSSH and active the ssh-agent. Our current turorials on smallstep.com/docs are focussed on X.509 rather than SSH. We need to add some docs there describing all the steps required, and how you can configure a client and a host properly.
And also add docs on how to configure the host if you don't have access to sshd_config. A user wants to use TinyCA to generate SSH certificatets, with help, his managed to generate SSH keys in yubikey and have that sign certificates, he wants to connect to HPC clusters with those certificates. Mike also helped with this.
See for example: