Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity
Files
bb89937d97b7aed2bbad3b2ed1d30c24d0fffa43
gitea-pages/user-guide/ssh_host_key_certificates.md
Konrad Bucheli f17afaf020 RSA makes trouble
2024-01-12 08:14:59 +01:00

20 lines
943 B
Markdown
Raw Blame History

# SSH Host Key Certificates
The SSH host keys of Puppet managed Linux hosts have a certficate which avoids below key acceptance question:
```
$ ssh hipa-gw
The authenticity of host 'hipa-gw (129.129.197.23)' can't be established.
ECDSA key fingerprint is SHA256:aRuVOefLvadIyDTxlSglDNylKG6eww2ZW0ddZs97dUo.
ECDSA key fingerprint is MD5:a8:be:15:24:9c:2b:82:7f:9d:9f:88:3f:e4:8c:df:cd.
Are you sure you want to continue connecting (yes/no)?
```
To accept SSH host keys with a certificate, please update either `~/.ssh/known_hosts` (your user only) or `/etc/ssh/ssh_known_hosts` (system-wide) as follows:
```
# SSH host key certficate CA manged by PSI Puppet
@cert-authority * ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBF2xLCCHNmXSeY+qNPmdo/jO2AXrcHyQDqZLBzWVwk2/GqMRDl4mavZLBPyQPNeLGAPc+BHg7iRC65wQQEeYOVU=
@cert-authority * ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhIx/obIiiO9AtrUgj7pF8kAgv4g9Dp+DRXilkmlkxK
```
View Git Blame Copy Permalink