Comment 11 for bug 1952421

Focal verification

[INSTALLED PKG VERSION]
chlo@BIG-HAL:~$ apt-cache policy openssh-server
openssh-server:
  Installed: 1:8.2p1-4ubuntu0.4
  Candidate: 1:8.2p1-4ubuntu0.4
  Version table:
 *** 1:8.2p1-4ubuntu0.4 400
        400 http://archive.ubuntu.com/ubuntu focal-proposed/main amd64 Packages
        100 /var/lib/dpkg/status
     1:8.2p1-4ubuntu0.3 500
        500 http://gb.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
     1:8.2p1-4ubuntu0.2 500
        500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
     1:8.2p1-4 500
        500 http://gb.archive.ubuntu.com/ubuntu focal/main amd64 Packages

[PROCEDURE]
Create the keys/certs needed
``ssh-keygen -t rsa -b 4096 -f host_ca -C host_ca`` (no passphrase)
``ssh-keygen -f ssh_host_rsa_key -N '' -b 4096 -t rsa``
``ssh-keygen -s host_ca -I localhost -h -n localhost -V +52w ssh_host_rsa_key.pub``

Copied ssh_host_rsa_key* files over to /etc/ssh and added the following to /etc/ssh/sshd_config
``HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub``

Restarted sshd using systemctl and added ``@cert-authority localhost ssh-rsa abcdefg`` (ssh-rsa abcdefg is the contents of host_ca.pub) to ~/.ssh/known_hosts

Finally, running

ssh -vv chlo@localhost 2>&1 | grep "Server"
debug1: Server host certificate: <email address hidden> SHA256:s2gq1xBSdetCarwElgQd0NbjJbiE3iLDxFtJqDhBFF4, serial 0 ID "localhost" CA ssh-rsa SHA256:v8ZgezKD9Zw/Ns8I0W6mfvxCAo9jv3WznUYAFhfPfCU valid from 2022-01-05T22:46:00 to 2023-01-04T22:47:11
debug2: Server host certificate hostname: localhost

which tells us the certificate was seen and used