SSH Key Certificates

Former Member

4 years ago

And setting up a test environment is easy. You need like three lines in your sshd_config, a signing key and that’s it. Sign your first key and you can test.
Here is a tutorial:
https://smallstep.com/docs/tutorials/ssh-certificate-login/#configure-sshd-to-accept-user-certs

For this forum post only the user key-part (not the host-key part is required). And if AgileBits is using ssh, they should consider using it as well because it is the best way to handle ssh-keys in scale. You can set expiry dates on your keys, you can easily revoke and new members of teams can be given easily access without rolling out their public key everywhere. And if you have freelancers you have a user for them on the needed servers with the right principal, sign their key with an expiry date of the end of the project and the. They won’t be able to log in anymore when the key expired.

Here is how Facebook (sorry Meta) is using it:
https://engineering.fb.com/2016/09/12/security/scalable-and-secure-access-with-ssh/

Forum Discussion

Recent Discussions

Console flooded with errors when clicking links during 1Password passkey selection dialog

WSL2 Arm Build

`op account add` with `Integrate with 1Password CLI`

1password doesn't seem to remember the key approval for JetBrains IDEA Ultimate

Use op on headless system with glab?