3

I'm trying to do a ssh connection based on certificates. I'm following this guide. If you look at it there is a step where I have to put line

@cert-authority *.example.com contents-of-public-key-file

in file 

~/.ssh/known_hosts

However, my public key file looks like:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpveL9YYQwYzkVC/wOMvSCUIQEueXD+WiFz/mZUtsw5LSwS7spRAGs9XxWd3/98Pog0u0tFTALYunYpbsNDRSwu8oNJTFkFLCuKf/UUeQSHo9ttGDGPxO0Yx3QufOy/OwFE28dunomqLU2GIGDdf4LVM5tCIDbBZ8Tk3UBAIrpSHJlHbGGtjlH5bcxHHz5QDRMvh7AnQMwVRdHcdbV3FislzDJwMhvGftwKbe2m+4fT0KLDMhP4hA+7v8PEtENcRwAI+2a0E7fvCVijf2K4wjYq9RZZE7ZuCddKCKvCVjqPhWHZMp+FOu3lD634OxUzH3SRGDGjBfI2figVZHFNzsNk0cZjHeSD1F0Nk1htxrq7et4bpAsavHzvayrUKkZWs97tVXrH1EmzRlKV6alvuF3AIYBl3yI7CCS7WaqZiT376Ilo8c0Voy8WjU0wVTZeUfTYWMLRA4X5T/KYAsGORKniLuaIvi1i8dALhluH5CZEyHx0t3rQuyYbVeGQq+6ha5DnY/OS8UsMJ7DxrBJWgzxdizMKar9N5rEPIOKBPLrk8XO7wLUd0vVcnRYe129nC+Sk20vvWa7+YbJDUgLTpyUlI1EQkq0vIGHs2WEDH31Ye7GYUzOPu205s1IABdTO82IZFEynLuPNqwza3y5fnnesWieLN6D15jP1UD+b/7Lew== CA key for spsi

And furthermore this doesn't match the syntax of known_hosts which has lines of the form:

|1|YFa0r2/C0Q2ENwoA3zfBtvVopWQ=|eo4lCYYLUr/54pD+Wmr25XESwuM= ssh-dss AAAAB3NzaC1kc3MAAACBAJtrmDPnRNMEANyxlvkz1I0Hv3RLGdjWr0frJgr+wQmY0MnwKO+QDzhklq

Do you have a clear way of doing this in the command line rather than editing manually the file? Also, what is the idea of this whole scheme? What is the difference between a certificate approach and a public/private key system?

Improve this question

1 Answer 1

Reset to default
3

And furthermore this doesn't match the syntax of known_hosts which has lines of the form:

This does not matter. One of them is hashed (Ubuntu default) and you are using non-hashed version. They can coexist next to each other without any problem. Just do as requested:

@cert-authority *.example.com ssh-rsa [...base64blob...] CA key for spsi

Do you have a clear way of doing this in the command line rather than editing manually the file?

Do it manually. There is no command-line way of doing that unless you will write some script.

Also, what is the idea of this whole scheme? What is the difference between a certificate approach and a public/private key system?

With Certificates you will have only single line in your known hosts, that will verify all servers hosts keys that are signed by this CA. And you will never get asked to verify hosts keys for these hosts (which is the most annoying feature of SSH).

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.