Abstract
Many Linux and BSD users are familiar with the concept of using SSH keys for authenticating access to a remote machine. However, what I do not hear about as commonly is how to manage SSH keys across a fleet of machines. Initially, when thinking about distributing SSH keys to a small group of machines, I thought of several “solutions”. Then I began to wonder how SSH keys were managed for fleets consisting of multiple thousands of machines. The most obvious answer is something like Ansible or Chef. While both of those tools, and many other orchestration software packages, would be able to solve this problem, they seem like overkill for a small fleet of fewer than 10 machines.
Thankfully, OpenSSH has a built-in method for doing this with Certificate Authorities.
Setting Up the Certificate Authority
ssh-keygen -f server_ca
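What the CA key is then used for, as an added example that is not part of the original post: it signs a machine's host public key into a host certificate, and clients trust the CA with a single `@cert-authority` line instead of one known_hosts entry per machine. The ed25519 key type, the `host.example.com` name, the 52-week validity, the scratch directory and the empty passphrase are assumptions made so the demo runs unattended.

```shell
#!/bin/sh
# Added example: names, paths and validity period are illustrative assumptions.

# sign_host_demo DIR HOSTNAME
# Creates a throwaway CA (server_ca) and a host key in DIR, signs the host
# key as a host certificate, and prints the certificate's "Type" field.
sign_host_demo() {
    dir=$1
    host=$2

    # CA key pair, as in the command above. -N '' sets an empty passphrase
    # for the demo only; a real CA private key should be passphrase-protected.
    ssh-keygen -q -t ed25519 -f "$dir/server_ca" -N '' -C 'demo host CA' || return 1

    # Stand-in for a machine's /etc/ssh/ssh_host_ed25519_key.
    ssh-keygen -q -t ed25519 -f "$dir/ssh_host_ed25519_key" -N '' || return 1

    # -s: CA private key      -h: issue a host (not user) certificate
    # -I: key ID shown in logs -n: hostnames the certificate is valid for
    # -V: validity window; an expired certificate is rejected by clients
    ssh-keygen -q -s "$dir/server_ca" -h -I "$host" -n "$host" -V +52w \
        "$dir/ssh_host_ed25519_key.pub" || return 1

    # Signing wrote ssh_host_ed25519_key-cert.pub; -L decodes it for review.
    ssh-keygen -L -f "$dir/ssh_host_ed25519_key-cert.pub" |
        sed -n 's/^[[:space:]]*Type:[[:space:]]*//p'
}

# known_hosts_ca_line DIR PATTERN
# Prints the known_hosts line that makes a client trust any host certificate
# signed by this CA for hostnames matching PATTERN.
known_hosts_ca_line() {
    printf '@cert-authority %s %s\n' "$2" "$(cat "$1/server_ca.pub")"
}

# Run the demo in a scratch directory so no real keys are touched.
demo_dir=$(mktemp -d)
sign_host_demo "$demo_dir" host.example.com
known_hosts_ca_line "$demo_dir" '*.example.com'
rm -rf "$demo_dir"
```

On a real host the certificate is referenced from `sshd_config` with `HostCertificate`, and only `server_ca.pub` ever leaves the CA machine.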
Sources
https://www.digitalocean.com/community/tutorials/how-to-create-an-ssh-ca-to-validate-hosts-and-clients-with-ubuntu