Setup the SSH keys to auto-login

Create the master key that the SSH server trusts

On the SSH server, create a keypair. If you already have a key setup, can just add the ca_key.pub content into the current TrustedCAKeys


cd /etc/ssh

ssh-keygen -t rsa-f ca_key

Register the new key with the SSH server

edit /etc/ssh/sshd_config
Add TrustedUserCAKeys /etc/ssh/ca_key.pub
Make sure this is set to yes PubkeyAuthentication yes

Restart the SSH server

sudo service sshd restart

Sign a certificate for the client

The client should already have a certificate installed at: /home/<user>/.ssh/id_rsa.pub.
Then sign that id_rsa_pub - make it available to the server somehow.

Client certificates

the client certificates can be called anything - make sure /etc/ssh/ssg_config has an entry for IdentityFile that matches the name

Signing the client certificate

ssh-keygen -s /etc/ssh/ca_key -I key-name -n <user> -V +365d -z 1 /home/<user>/.ssh/id_rsa.pub
<user> is the user id that you want to log in as
/etc/ssh/ca_key is the private key created above
the signed key is now in id_rsa-cert.pub

Setup the new client key in a client that will log on to the server

copy the signing certificate /home/<user>/.ssh/id_rsa-cert.pub to the client owning the id_rsa.pub key