Copied ssh_host_rsa_key* files over to /etc/ssh and added the following to /etc/ssh/sshd_config
``HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub``
Restarted sshd using systemctl and added ``@cert-authority localhost ssh-rsa abcdefg`` (ssh-rsa abcdefg is the contents of host_ca.pub) to ~/.ssh/known_hosts
debug1: Server host certificate: <email address hidden> SHA256:pprTqBvT2oazgTsfPF+RD47ca/W1U4JCgq5fl7m1LkA, serial 0 ID "localhost" CA ssh-rsa SHA256:l3PYuQBJMLruGeASt+BKEDGLDlk5NHx59cwW6/Qgzs4 valid from 2022-01-05T22:11:00 to 2023-01-04T22:12:07
debug2: Server host certificate hostname: localhost
Impish verification
[INSTALLED PKG VERSION] gb.archive. ubuntu. com/ubuntu impish- proposed/ main amd64 Packages archive. ubuntu. com/ubuntu impish- proposed/ main amd64 Packages dpkg/status 8.4p1-6ubuntu2 500 gb.archive. ubuntu. com/ubuntu impish/main amd64 Packages
kajiya@chloe-HAL:~$ apt-cache policy openssh-server
openssh-server:
Installed: 1:8.4p1-6ubuntu2.1
Candidate: 1:8.4p1-6ubuntu2.1
Version table:
*** 1:8.4p1-6ubuntu2.1 400
400 http://
400 http://
100 /var/lib/
1:
500 http://
[PROCEDURE] rsa_key. pub``
Create the keys/certs needed
``ssh-keygen -t rsa -b 4096 -f host_ca -C host_ca`` (no passphrase)
``ssh-keygen -f ssh_host_rsa_key -N '' -b 4096 -t rsa``
``ssh-keygen -s host_ca -I localhost -h -n localhost -V +52w ssh_host_
Copied ssh_host_rsa_key* files over to /etc/ssh and added the following to /etc/ssh/ sshd_config ssh_host_ rsa_key- cert.pub` `
``HostCertificate /etc/ssh/
Restarted sshd using systemctl and added ``@cert-authority localhost ssh-rsa abcdefg`` (ssh-rsa abcdefg is the contents of host_ca.pub) to ~/.ssh/known_hosts
Finally, running
ssh -vv kajiya@localhost 2>&1 | grep "Server host certificate" gives
debug1: Server host certificate: <email address hidden> SHA256: pprTqBvT2oazgTs fPF+RD47ca/ W1U4JCgq5fl7m1L kA, serial 0 ID "localhost" CA ssh-rsa SHA256: l3PYuQBJMLruGeA St+BKEDGLDlk5NH x59cwW6/ Qgzs4 valid from 2022-01-05T22:11:00 to 2023-01-04T22:12:07
debug2: Server host certificate hostname: localhost
which tells us the certificate was seen and used