This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Next revisionBoth sides next revision |
advanced:ssh_certificates [2021/07/04 10:39] – [Nethserver systems] dan | advanced:ssh_certificates [2021/07/24 14:54] – [Client configuration] dan |
---|
Before you ssh to a host that requires (or accepts) a certificate, you'll need to log in with ''%%step ssh login <username>%%''. Step will ask you for a provisioner. For now, as above, choose the ''%%(JWK)%%'' provisioner and enter its password. The CA will issue you a certificate, valid for 16 hours. | Before you ssh to a host that requires (or accepts) a certificate, you'll need to log in with ''%%step ssh login <username>%%''. Step will ask you for a provisioner. For now, as above, choose the ''%%(JWK)%%'' provisioner and enter its password. The CA will issue you a certificate, valid for 16 hours. |
| |
The "killer app" feature of Step in this regard is its ability to use OpenID Connect as a provisioner, and therefore use any compatible single sign-on service to authenticate you to the CA. More to follow on that. | The "killer app" feature of Step in this regard is its ability to use OpenID Connect as a provisioner, and therefore use any compatible single sign-on service to authenticate you to the CA. I have it running using LemonLDAP::NG as an authentication provider; [[https://wiki.nethserver.org/doku.php?id=userguide:llng|this article]] describes that process. |
| |
===== Test ===== | ===== Test ===== |