Today I will be looking at using openssh key pairs to replace the openssh password, however with a bit of a difference. Instead of using just host and user keys, I will be configuring OpenSSH Server and OpenSSH client to use host and user certificates.
Note: This is a step up from using SSH public and private keys for your host and users

00:00 Intro
00:28 Host & User Certificates for OpenSSH
00:48 OpenSSH key management
01:44 Public Key and Passwords
02:49 Trust on First Use (TOFU)
05:13 Best Practice Use SSH Certificates
07:20 Create Host CA keys
08:20 Host Certificate
11:26 Best Practice Use Separate Host and User CAs
12:40 Create User CA
13:06 Generate or reuse existing Host Keys
13:40 Sign the Host Certificates
14:48 Copy Host Keys and Host Cert to SSH Server
15:53 Configure SSH Clients to use Host Certificates
17:11 User Keys
17:30 Sign User Public Key
18:28 Copy User Keys and User Cert to User Home Dir
18:47 Configure TrustedUserCAKeys
19:34 Other Best Practices
20:19 What we covered
21:01 Outro

Support me on Patreon:   / djware  
Follow me:
Twitter @djware55
Facebook:  / don.ware.7758  
Discord:   / discord  
Gitlab: https://gitlab.com/djware27

"Brightly Fancy" Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/b...

"Militaire Electronic" Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/b...

Werq by Kevin MacLeod
Link: https://incompetech.filmmusic.io/song...
License: https://filmmusic.io/standardlicense'>https://filmmusic.io/standardlicense

Industrial Cinematic by Kevin MacLeod
Link: https://incompetech.filmmusic.io/song...
License: https://filmmusic.io/standardlicense'>https://filmmusic.io/standardlicense

Music Used in this video
"NonStop" Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License

#ssh #openssh #opensshcert