OpenSSH - SSH Certificates

Today I will be looking at using openssh key pairs to replace the openssh password, however with a bit of a difference. Instead of using just host and user keys, I will be configuring OpenSSH Server and OpenSSH client to use host and user certificates.
Note: This is a step up from using SSH public and private keys for your host and users

00:00 - Intro
00:28 - Host & User Certificates for OpenSSH
00:48 - OpenSSH key management
01:44 - Public Key and Passwords
02:49 - Trust on First Use (TOFU)
05:13 - Best Practice - Use SSH Certificates
07:20 - Create Host CA keys
08:20 - Host Certificate
11:26 - Best Practice - Use Separate Host and User CAs
12:40 - Create User CA
13:06 - Generate or re-use existing Host Keys
13:40 - Sign the Host Certificates
14:48 - Copy Host Keys and Host Cert to SSH Server
15:53 - Configure SSH Clients to use Host Certificates
17:11 - User Keys
17:30 - Sign User Public Key
18:28 - Copy User Keys and User Cert to User Home Dir
18:47 - Configure TrustedUserCAKeys
19:34 - Other Best Practices
20:19 - What we covered
21:01 - Outro

Support me on Patreon:   / djware  
Follow me:
Twitter @djware55
Facebook:  / don.ware.7758  
Discord:   / discord  
Gitlab: https://gitlab.com/djware27

"Brightly Fancy" Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/b...

"Militaire Electronic" Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/b...

Werq by Kevin MacLeod
Link: https://incompetech.filmmusic.io/song...
License: https://filmmusic.io/standard-license

Industrial Cinematic by Kevin MacLeod
Link: https://incompetech.filmmusic.io/song...
License: https://filmmusic.io/standard-license

Music Used in this video
"NonStop" Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 3.0 License

#ssh #openssh #opensshcert