Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity

document public keys for SSH host key CA

Browse Source
This commit is contained in:
buchel_k
2023-02-06 14:18:49 +01:00
parent b5384c3241
commit f17a9a972d
3 changed files with 22 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
_toc.yml
View File

@@ -12,6 +12,7 @@ parts:
- file: user-guide/login_servers
- file: user-guide/evolution_for_o365
- file: user-guide/thunderbird_for_o365
- file: user-guide/ssh_host_key_certificates
- file: user-guide/firefox_profile_per_host
- file: user-guide/putty

1
user-guide/index.md
View File

@@ -16,5 +16,6 @@ This guide contains tricks and recipies for end users using Red Hat Enterprise L
- [Login Servers](login_servers)
- [Connect Evolution with Office365](evolution_for_o365)
- [Connect Thunderbird with Office365](thunderbird_for_o365)
- SSH asks to accept key on unknown host -> [SSH Host Key Certificates](ssh_host_key_certificates)
- Firefox refuses to start with home directory on the network drive -> [Per Host Default Profile for Firefox](firefox_profile_per_host)
- AFS `permission denied` when using Putty -> [SSH Access from Windows using Putty](putty)

20
user-guide/ssh_host_key_certificates.md Normal file
View File

@@ -0,0 +1,20 @@
# SSH Host Key Certificates
The SSH host keys of Puppet managed Linux hosts have a certficate which avoids below key acceptance question:
```
$ ssh hipa-gw
The authenticity of host 'hipa-gw (129.129.197.23)' can't be established.
ECDSA key fingerprint is SHA256:aRuVOefLvadIyDTxlSglDNylKG6eww2ZW0ddZs97dUo.
ECDSA key fingerprint is MD5:a8:be:15:24:9c:2b:82:7f:9d:9f:88:3f:e4:8c:df:cd.
Are you sure you want to continue connecting (yes/no)?
```
To accept SSH host keys with a certificate, please update either `~/.ssh/known_hosts` (your user only) or `/etc/ssh/ssh_known_hosts` (system-wide) as follows:
```
# SSH host key certficate CA manged by PSI Puppet
@cert-authority * ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM3HQNqtTtmVtljco4zXfKMZc/6Lud+8VMHrXuoB/3e0+TVBKhS/O2pAZ1HU0o3it6VTdf+o66h8FmGKCUDiwcDPuQ/Cqmo18nWwgLYedKxHYM7oZip+9ts0IDso2LebbsspGrE4V6NqindZ+MAkKe3UvnJUFRnk+5+eSYsCe4IhidU02eVE+InXPkCpepuO4GViziV315QHBBqDeXfvQtA/EPw1TLLLVvgNokMKTcz7ObLbO6iXKK17FAqt+3ozfzOV6hGRI4g2409vW9rYjhZFUKJiG0VGmqKX7veZuUaInaVLAqPHUAT+y3h/E0oCNtY8ijXaKeuERj5BJE+Eab
@cert-authority * ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF2xLCCHNmXSeY+qNPmdo/jO2AXrcHyQDqZLBzWVwk2/GqMRDl4mavZLBPyQPNeLGAPc+BHg7iRC65wQQEeYOVU=
@cert-authority * ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhIx/obIiiO9AtrUgj7pF8kAgv4g9Dp+DRXilkmlkxK
```