ssh: Authenticating via certificate authority
An ssh client initiates an ssh session as a target user on a server. Each side authenticates the other before the session is established:
- Server authenticates client via:
  - Password: client provides the target user's login password
  - Authorized key: client provides a key that the server trusts 👈 most common
  - Certificate: client provides a certificate signed by a certificate authority that the server trusts
- Client authenticates server via:
  - Key: server provides an authorized key 👈 most common
  - Certificate: server provides a certificate signed by a certificate authority that the client trusts
On the server, trusting a single certificate authority allows the server to trust all clients without specific knowledge of their keys, which avoids manually configuring each server with each client.
On the client, trusting a single certificate authority allows the client to trust all servers without specific knowledge of their keys, which avoids manually configuring each client with each server.
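
The two trust relationships described above, as an added example that is not part of the original page: the script uses `ssh-keygen` to create a user CA and a host CA, signs one client key and one host key, and prints the single trust line each side needs. The names `ca_user`, `ca_host`, `id_alice`, `ssh_host_key` and `web1.example.test` are constructed for illustration.

```sh
#!/bin/sh
# Added example. Constructed names: ca_user, ca_host, id_alice, web1.example.test.
# Needs only ssh-keygen (OpenSSH); all files are written under the directory given.

# One CA signs users, another signs hosts; then sign one key of each kind.
make_demo_pki() {
    d=$1
    mkdir -p "$d" || return 1
    # CA key pairs: the private halves are what must be protected
    ssh-keygen -q -t ed25519 -N '' -C 'user CA' -f "$d/ca_user" || return 1
    ssh-keygen -q -t ed25519 -N '' -C 'host CA' -f "$d/ca_host" || return 1
    # A client key and a server host key, as each machine would generate them
    ssh-keygen -q -t ed25519 -N '' -f "$d/id_alice" || return 1
    ssh-keygen -q -t ed25519 -N '' -f "$d/ssh_host_key" || return 1
    # User certificate: principal "alice", valid 1 day -> id_alice-cert.pub
    ssh-keygen -q -s "$d/ca_user" -I alice-laptop -n alice -V +1d \
        "$d/id_alice.pub" || return 1
    # Host certificate (-h): valid 52 weeks -> ssh_host_key-cert.pub
    ssh-keygen -q -s "$d/ca_host" -h -I web1 -n web1.example.test -V +52w \
        "$d/ssh_host_key.pub" || return 1
}

# Server: the single sshd_config line that replaces per-client authorized keys.
# (The server presents its own certificate with the HostCertificate directive.)
server_trust_line() { printf 'TrustedUserCAKeys %s\n' "$1/ca_user.pub"; }

# Client: the single known_hosts line that replaces per-server host keys.
client_trust_line() {
    printf '@cert-authority *.example.test %s\n' "$(cat "$1/ca_host.pub")"
}

# Print "user" or "host" for a certificate file.
cert_kind() { ssh-keygen -L -f "$1" | awk '$1 == "Type:" { print $3 }'; }

# Succeed only if ssh-keygen reports CA public key $2 as the signer of certificate $1.
signed_by() {
    want=$(ssh-keygen -l -f "$2" | awk '{ print $2 }')
    got=$(ssh-keygen -L -f "$1" | awk '$1 == "Signing" { print $4 }')
    [ -n "$want" ] && [ "$want" = "$got" ]
}
```

After sourcing the script, `make_demo_pki ./pki` followed by `ssh-keygen -L -f ./pki/id_alice-cert.pub` shows the principals and validity window the CA embedded in the certificate.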
Published on: 17 Mar 2025