add ssh signing example

2022-02-09 13:06:05 +01:00
parent d021ed4421
commit ea0fc15924
1 changed files with 12 additions and 1 deletions
--- a/infrastructure-guide/home.md
+++ b/infrastructure-guide/home.md
@@ -52,4 +52,15 @@ Access to the redhat.com knowledge base:
 * [SSH config](sshconf)

 # HTTPS Certificates
-* [HTTPS Certificates](https_certificates)
+* [HTTPS Certificates](https_certificates)
+
+# SSH Certificates / Signing Public User Keys
+
+Use the ca certificate that is on the "Kai special USB stick" (the certificate permissions needs to be 600 !)
+
+The signing is done like this:
+```bash
+ssh-keygen -s user-ca -I <username> -n <username> -V +55w id_ed25519.pub
+```
+
+More details on how this works can be found in this article: https://engineering.fb.com/2016/09/12/security/scalable-and-secure-access-with-ssh/