On Jul 13, 2022, rhkramer@gmail.com wrote:
> I seem to have gone down a rabbit hole.
>
> I want(ed?) to set up ssh on my LAN using certificate authentication, and am
> having a lot of trouble finding the information I need / would like to have.

Which is what, exactly? Other than the "active mailing list" you mentioned in a snipped segment.

SSH with cert-auth is pretty trivial to implement on most distros:

1. install openssh-server (if not already installed) on SERVER (the machine you will connect to)
2. on the CLIENT (machine you will connect from), run ssh-keygen to generate a new ssh keypair. For example -- ssh-keygen -t ed25519 -f keyfile -- will generate a new ED25519-based keypair ("keyfile" and "keyfile.pub").
3. copy the content of keyfile.pub to $HOME/.ssh/authorized_keys on the SERVER machine
4. try logging into SERVER with your key (e.g. ssh -i keyfile user@SERVER)

For "best security" repeat steps 2-4 on all CLIENT machines to create individual client keys -- just make sure to APPEND to authorized_keys.

-- 
|_|O|_|
|_|_|O|  Github: https://github.com/dpurgert
|O|O|O|  PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
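Step 3 of the message above and its "make sure to APPEND" remark, as an added example that is not part of the original post: a POSIX shell function, run on SERVER, that appends one public key to authorized_keys without overwriting existing entries, skips duplicates, rejects a file that is not a single public-key line (such as the private half "keyfile"), and sets 700/600 permissions, which satisfies sshd's StrictModes check. The function name install_pubkey and its arguments are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post). Run on SERVER, e.g.:
#   install_pubkey keyfile.pub
# install_pubkey and its arguments are hypothetical names.
install_pubkey() {
    pub_file=$1
    ssh_dir=${2:-"$HOME/.ssh"}          # optional override, used for testing
    auth_file="$ssh_dir/authorized_keys"

    # A public key file is exactly one line: "<type> <base64> [comment]".
    # A private key file (multi-line block) fails this check.
    [ -r "$pub_file" ] || { echo "cannot read $pub_file" >&2; return 2; }
    [ "$(grep -c '' "$pub_file")" -eq 1 ] ||
        { echo "$pub_file: expected one key line" >&2; return 2; }
    key_line=$(cat "$pub_file")
    key_type=$(printf '%s\n' "$key_line" | awk '{print $1}')
    key_blob=$(printf '%s\n' "$key_line" | awk '{print $2}')
    case $key_type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*|sk-*@openssh.com) ;;
        *) echo "unexpected key type: $key_type" >&2; return 2 ;;
    esac
    case $key_blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; return 2 ;;
    esac

    # Tight permissions: sshd's StrictModes refuses group/world-writable files.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Match on type+blob so a different comment is not treated as a new key.
    if grep -qF -- "$key_type $key_blob" "$auth_file"; then
        echo "key already present in $auth_file"
        return 0
    fi
    # If the last existing line lacks a newline, add one so keys don't merge.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi
    printf '%s\n' "$key_line" >> "$auth_file"   # '>>' appends; '>' would wipe
    echo "added $key_type key to $auth_file"
}
```

Running it a second time with the same keyfile.pub leaves authorized_keys unchanged, so it is safe to repeat for each CLIENT key.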