1.3 KiB
1.3 KiB
SSH Host Key Certificates
The SSH host keys of Puppet managed Linux hosts have a certficate which avoids below key acceptance question:
$ ssh hipa-gw
The authenticity of host 'hipa-gw (129.129.197.23)' can't be established.
ECDSA key fingerprint is SHA256:aRuVOefLvadIyDTxlSglDNylKG6eww2ZW0ddZs97dUo.
ECDSA key fingerprint is MD5:a8:be:15:24:9c:2b:82:7f:9d:9f:88:3f:e4:8c:df:cd.
Are you sure you want to continue connecting (yes/no)?
To accept SSH host keys with a certificate, please update either ~/.ssh/known_hosts (your user only) or /etc/ssh/ssh_known_hosts (system-wide) as follows:
# SSH host key certficate CA manged by PSI Puppet
@cert-authority * ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM3HQNqtTtmVtljco4zXfKMZc/6Lud+8VMHrXuoB/3e0+TVBKhS/O2pAZ1HU0o3it6VTdf+o66h8FmGKCUDiwcDPuQ/Cqmo18nWwgLYedKxHYM7oZip+9ts0IDso2LebbsspGrE4V6NqindZ+MAkKe3UvnJUFRnk+5+eSYsCe4IhidU02eVE+InXPkCpepuO4GViziV315QHBBqDeXfvQtA/EPw1TLLLVvgNokMKTcz7ObLbO6iXKK17FAqt+3ozfzOV6hGRI4g2409vW9rYjhZFUKJiG0VGmqKX7veZuUaInaVLAqPHUAT+y3h/E0oCNtY8ijXaKeuERj5BJE+Eab
@cert-authority * ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF2xLCCHNmXSeY+qNPmdo/jO2AXrcHyQDqZLBzWVwk2/GqMRDl4mavZLBPyQPNeLGAPc+BHg7iRC65wQQEeYOVU=
@cert-authority * ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhIx/obIiiO9AtrUgj7pF8kAgv4g9Dp+DRXilkmlkxK