Comment 10 for bug 1952421

Chloé Smith (kajiya) wrote (last edit):

Impish verification

[INSTALLED PKG VERSION]
kajiya@chloe-HAL:~$ apt-cache policy openssh-server
openssh-server:
  Installed: 1:8.4p1-6ubuntu2.1
  Candidate: 1:8.4p1-6ubuntu2.1
  Version table:
 *** 1:8.4p1-6ubuntu2.1 400
        400 http://gb.archive.ubuntu.com/ubuntu impish-proposed/main amd64 Packages
        400 http://archive.ubuntu.com/ubuntu impish-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     1:8.4p1-6ubuntu2 500
        500 http://gb.archive.ubuntu.com/ubuntu impish/main amd64 Packages

[PROCEDURE]
Create the keys/certs needed
``ssh-keygen -t rsa -b 4096 -f host_ca -C host_ca`` (no passphrase)
``ssh-keygen -f ssh_host_rsa_key -N '' -b 4096 -t rsa``
``ssh-keygen -s host_ca -I localhost -h -n localhost -V +52w ssh_host_rsa_key.pub``

Copied ssh_host_rsa_key* files over to /etc/ssh and added the following to /etc/ssh/sshd_config
``HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub``

Restarted sshd using systemctl and added ``@cert-authority localhost ssh-rsa abcdefg`` (ssh-rsa abcdefg is the contents of host_ca.pub) to ~/.ssh/known_hosts

Finally, running ``ssh -vv kajiya@localhost 2>&1 | grep "Server host certificate"`` gives

debug1: Server host certificate: <email address hidden> SHA256:pprTqBvT2oazgTsfPF+RD47ca/W1U4JCgq5fl7m1LkA, serial 0 ID "localhost" CA ssh-rsa SHA256:l3PYuQBJMLruGeASt+BKEDGLDlk5NHx59cwW6/Qgzs4 valid from 2022-01-05T22:11:00 to 2023-01-04T22:12:07
debug2: Server host certificate hostname: localhost

which tells us the certificate was seen and used.