How to Install an SSH Certificate

The SSH, or Secure Shell, protocol supports two ways of authenticating: the usual user name/password combination, and a pair of public/private keys. These keys need to be generated and added on the remote server to allow for a more secure mode of login. In this tutorial we will guide you on how to install an SSH certificate in Ubuntu.



Step#1: Generate SSH Keys
The first step to install an SSH certificate is to generate a pair of public/private keys. Let’s open up the command prompt and type in:
ssh-keygen -f test-ca
The ssh-keygen command generates authentication keys. The ‘-f’ switch defines the file name of the key file; it is followed by the name you want to use.
creating a pair of SSH keys

Step#2: Installing the keys
Now let’s copy the newly created key file into the ssh folder.
copying the keys to SSH folder

Step#3: Configuring SSH
With that done, let’s head back to the terminal application and open up the ssh configuration file in the graphical editor.
Here, we will use the CA keys to mark the newly created authorized key as trusted for the host authentication. To do that, we will add the TrustedUserCAKeys option (“trusted user CA keys”) on a new line, followed by the path of the authorized key.
Without this line, the SSH certificate won’t be created since the configuration file won’t be able to locate the authorized key.
updating configuration to use the keys

Step#4: Restart SSH service
Now let’s save the changes and restart the ssh server. To do that, type the command
service ssh restart
and hit enter.
restarting for changes to take effect

Step#5: SSH Certificate
With that taken care of, let’s create a certificate for the generated key. After the ssh-keygen command, we will use the ‘-s’ switch to certify the authorized key with the CA key.
After that, we will type the name of the authorized file. With that done, we will specify the key identity, which is required to authenticate the authorized key.
Next, we will have to specify the names of the users who will be included in the certificate. For now, let’s include the root user only. After that, we will specify the validity period of the certificate. Finally, type the path of the authorized key file.
So basically, we have created an ssh certificate with the validity of 58 weeks.
And the command is
ssh-keygen -s test-ca -I user_root -n root -V +52w /etc/ssh/test-ca.pub
creating SSH certificate

Step#6: Quick look at the Certificate
If you want to see the details of the ssh certificate, use the ssh-keygen command along with the ‘-L’ and the ‘-f’ switches, followed by the path of the certificate.
ssh-keygen -L -f /etc/ssh/test-ca-cert.pub
The ‘-f’ switch refers to the specific file we will be using and the ‘-L’ switch is used to print the contents of the certificate on the screen.
And there you have it. All the details of the certificate are being displayed over here.
display of the SSH certificate created
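
The steps above, collected into one script as an added example that is not part of the original tutorial: it creates a throwaway CA in a temporary directory, signs a separate demo user key with the same ‘-I’, ‘-n’ and ‘-V’ values, and reads the key ID, principals and signing CA back out of `ssh-keygen -L`. The helper function names, the `id_demo` key (the tutorial signs `test-ca.pub` itself) and the ed25519 key type are assumptions made for the example.

```shell
#!/bin/sh
# Added example: issue a certificate from a throwaway CA, then confirm what
# ssh-keygen -L reports. id_demo and the -C comments are constructed names.

# issue_cert CA_KEY KEY_ID PRINCIPALS VALIDITY PUBKEY
# ssh-keygen writes the certificate beside PUBKEY as <name>-cert.pub.
issue_cert() {
    ssh-keygen -q -s "$1" -I "$2" -n "$3" -V "$4" "$5"
}

# cert_key_id CERT: print the key identity that was set with -I.
cert_key_id() {
    ssh-keygen -L -f "$1" | sed -n 's/^[[:space:]]*Key ID: "\(.*\)"$/\1/p'
}

# cert_principals CERT: print the principals set with -n, one per line.
cert_principals() {
    ssh-keygen -L -f "$1" | awk '
        /^[ \t]*Principals:/       { on = 1; next }
        /^[ \t]*Critical Options:/ { on = 0 }
        on { gsub(/^[ \t]+/, ""); print }'
}

# cert_signed_by CERT CA_PUB: succeed only if CERT was signed by CA_PUB.
cert_signed_by() {
    ca_fp=$(ssh-keygen -l -f "$2" | awk '{ print $2 }')
    [ -n "$ca_fp" ] &&
        ssh-keygen -L -f "$1" | grep 'Signing CA:' | grep -qF -- "$ca_fp"
}

# demo DIR: run the tutorial's sequence in DIR, print the certificate path.
demo() {
    ssh-keygen -q -t ed25519 -N '' -C 'demo CA' -f "$1/test-ca" &&
    ssh-keygen -q -t ed25519 -N '' -C 'demo user' -f "$1/id_demo" &&
    issue_cert "$1/test-ca" user_root root +52w "$1/id_demo.pub" &&
    echo "$1/id_demo-cert.pub"
}

if command -v ssh-keygen >/dev/null 2>&1; then
    dir=$(mktemp -d)
    cert=$(demo "$dir") && ssh-keygen -L -f "$cert"
    cert_signed_by "$cert" "$dir/test-ca.pub" && echo "signed by test-ca"
    rm -rf "$dir"
fi
```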

And that is all about how to install SSH certificate in Ubuntu.