Configuring your OpenSSH servers to trust your SSH CA hosted by SSH Protect

Before you can begin issuing SSH certificates, you need to configure your OpenSSH servers to trust your SSH CA. This allows your clients to use SSH certificates to connect to these OpenSSH servers.

To configure an OpenSSH server to trust your SSH CA (for user authentication)

  1. Retrieve the CA public key.

  2. Use an existing SSH connection to connect to the host machine.

  3. Create the following text file, then paste the CA's public key in the file, and save it.

    /etc/ssh/trusted_user_ca_keys

  4. Change the file permissions so that only root can write to the file.

  5. Configure the OpenSSH service to use the newly created file by:

    1. Opening /etc/ssh/sshd_config

    2. Adding TrustedUserCAKeys /etc/ssh/trusted_user_ca_keys

  6. Restart the OpenSSH service.
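
Steps 3 to 6 as shell functions, added here as an example and not taken from the SSH Protect documentation. The function names, the key-format check, the `.bak` rollback copy and the systemd unit names (`sshd` or `ssh`) are assumptions; the paths are the ones used in the steps above.

```shell
#!/bin/sh
# Added example: steps 3-6 as functions. Default paths come from the steps above.
CA_FILE=/etc/ssh/trusted_user_ca_keys
SSHD_CONFIG=/etc/ssh/sshd_config
# One OpenSSH public key per line: "<type> <base64> [comment]" (RSA, Ed25519, ECDSA).
KEY_RE='^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

# Steps 3-4: install_ca_key <pubkey_file> [dest]
install_ca_key() {
    src=$1; dest=${2:-$CA_FILE}
    # Drop blank and comment lines; fail if nothing is left or the file is unreadable.
    keys=$(grep -Ev '^[[:space:]]*(#|$)' "$src") || { echo "no keys in $src" >&2; return 1; }
    # Reject anything else (a private key, a saved HTML page, a truncated paste).
    if printf '%s\n' "$keys" | grep -Evq "$KEY_RE"; then
        echo "$src: not an OpenSSH public key file" >&2; return 1
    fi
    printf '%s\n' "$keys" > "$dest" || return 1
    chmod 0644 "$dest"                       # only the owner can write
    if [ "$(id -u)" -eq 0 ]; then chown root:root "$dest"; fi
}

# Step 5: set_trusted_ca [config] [ca_file]
# The directive is written at the top of the file: sshd uses the first value it
# reads for a keyword, and a line appended after a Match block would only apply
# inside that block. Older global settings are dropped; Match blocks are kept.
set_trusted_ca() {
    cfg=${1:-$SSHD_CONFIG}; ca=${2:-$CA_FILE}
    cp -p "$cfg" "$cfg.bak" || return 1      # kept for rollback
    awk -v ca="$ca" '
        BEGIN { print "TrustedUserCAKeys " ca }
        tolower($1) == "match" { in_match = 1 }
        !in_match && tolower($1) ~ /^trustedusercakeys(=|$)/ { next }
        { print }' "$cfg.bak" > "$cfg"
}

# Step 6: validate the edited config before restarting; roll back if sshd rejects it.
restart_sshd() {
    cfg=${1:-$SSHD_CONFIG}
    if ! sshd -t -f "$cfg"; then
        cp -p "$cfg.bak" "$cfg"; echo "config rejected, rolled back" >&2; return 1
    fi
    systemctl restart sshd 2>/dev/null || systemctl restart ssh   # unit name varies by distro
}

# Usage, as root:
#   install_ca_key ./ca.pub && set_trusted_ca && restart_sshd
```

Keep the existing SSH session from step 2 open until a new login succeeds, so a bad configuration cannot lock you out.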

What's next

Now that you have configured your host to use and trust the SSH CA, the final step is to configure your client to use and trust the SSH CA.