Setup the SSH keys to auto-login
Create the master key that the SSH server trusts
On the SSH server, create a keypair. If you already have a CA key set up, you can just add
the ca_key.pub content to the file the current TrustedUserCAKeys setting points to.
cd /etc/ssh
ssh-keygen -t rsa -f ca_key
Register the new key with the SSH server
Edit /etc/ssh/sshd_config
Add: TrustedUserCAKeys /etc/ssh/ca_key.pub
Make sure this is set to yes: PubkeyAuthentication yes
Restart the SSH server
sudo service sshd restart
Sign a certificate for the client
The client should already have a public key installed at:
/home/<user>/.ssh/id_rsa.pub
Then sign that id_rsa.pub; it has to be made available to the server somehow.
Client certificates
The client certificates can be called anything. Make sure /etc/ssh/ssh_config
has an entry for IdentityFile that matches the name.
Signing the client certificate
ssh-keygen -s /etc/ssh/ca_key -I key-name -n <user> -V +365d -z 1 /home/<user>/.ssh/id_rsa.pub
<user> is the user id that you want to log in as
/etc/ssh/ca_key is the private key created above
the signed key is now in id_rsa-cert.pub
Set up the new client key on a client that will log on to the server
Copy the signed certificate /home/<user>/.ssh/id_rsa-cert.pub to the client owning the id_rsa.pub key
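
Before copying the certificate out, it is worth checking what was actually signed. The script below is an added example, not part of the original page: it repeats the signing command above in a throwaway directory and checks the certificate's CA, principal and expiry with ssh-keygen -L. The user "alice", the temporary directory, the file open.pub and the function names are assumptions made for the demo.

```shell
#!/bin/sh
# Added example, not from the original page. "alice" stands in for <user>.

# check_cert CERT CA_PUB USER
# Succeeds only if CERT is a user certificate signed by CA_PUB, lists exactly
# USER as its principal, and carries an expiry date.
check_cert() {
    info=$(ssh-keygen -L -f "$1") || return 1
    ca_fp=$(ssh-keygen -l -f "$2" | awk '{print $2}')
    [ -n "$ca_fp" ] || return 1
    # Principals are printed one per line between these two headings.
    principals=$(printf '%s\n' "$info" |
        awk '/Principals:/{p=1;next} /Critical Options:/{p=0} p{print $1}')
    printf '%s\n' "$info" | grep -q 'Type: .* user certificate' || return 1
    printf '%s\n' "$info" | grep 'Signing CA:' | grep -qF "$ca_fp" || return 1
    [ "$principals" = "$3" ] || return 1
    printf '%s\n' "$info" | grep -q 'Valid: from .* to ' || return 1
}

# make_certs DIR
# Creates a throwaway CA and client key in DIR, then signs the client key twice:
# once with the page's options, once with no -n and no -V for comparison.
make_certs() {
    ssh-keygen -q -t rsa -N '' -f "$1/ca_key" || return 1
    ssh-keygen -q -t rsa -N '' -f "$1/id_rsa" || return 1
    cp "$1/id_rsa.pub" "$1/open.pub"
    ssh-keygen -q -s "$1/ca_key" -I key-name -n alice -V +365d -z 1 \
        "$1/id_rsa.pub" || return 1
    ssh-keygen -q -s "$1/ca_key" -I key-name -z 2 "$1/open.pub"
}

if command -v ssh-keygen >/dev/null 2>&1; then
    d=$(mktemp -d) && make_certs "$d"
    ssh-keygen -L -f "$d/id_rsa-cert.pub"      # human-readable certificate dump
    check_cert "$d/id_rsa-cert.pub" "$d/ca_key.pub" alice && echo "scoped cert: ok"
    check_cert "$d/open-cert.pub" "$d/ca_key.pub" alice || echo "open cert: rejected"
    rm -rf "$d"
fi
```

The second certificate is signed without -n and -V, so ssh-keygen -L reports no principals and "Valid: forever" for it, which is why check_cert rejects it.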