From ea0fc1592439ffd9d799e9914a727240f562fa28 Mon Sep 17 00:00:00 2001
From: ebner <simon.ebner@psi.ch>
Date: Wed, 9 Feb 2022 13:06:05 +0100
Subject: [PATCH] add ssh signing example

---
 infrastructure-guide/home.md | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/infrastructure-guide/home.md b/infrastructure-guide/home.md
index aa8fd728..9ac622b9 100644
--- a/infrastructure-guide/home.md
+++ b/infrastructure-guide/home.md
@@ -52,4 +52,15 @@ Access to the redhat.com knowledge base:
 * [SSH config](sshconf)
 
 # HTTPS Certificates
-* [HTTPS Certificates](https_certificates)
\ No newline at end of file
+* [HTTPS Certificates](https_certificates)
+
+# SSH Certificates / Signing Public User Keys
+
+Use the ca certificate that is on the "Kai special USB stick" (the certificate permissions needs to be 600 !)
+
+The signing is done like this:
+```bash
+ssh-keygen -s user-ca -I <username> -n <username> -V +55w id_ed25519.pub
+```
+
+More details on how this works can be found in this article: https://engineering.fb.com/2016/09/12/security/scalable-and-secure-access-with-ssh/
\ No newline at end of file