Add an SSH Server with Certificate Auth

From the Servers section on the left hand side, select add server. Choose SSH (Certificate Based) as the Server Type and fill in the host's details. If everything has been configured correctly the healthcheck should turn green.

Adding the strongDM CA to your hosts

If you have not already, add your organization's CA public key to the targeted host.

  1. Create a file named /etc/ssh/ and add the CA public key shown in the previous section.

  2. Update the file's permissions since SSH can sometimes be unpredictable with permissions not set correctly: sudo chmod 600 /etc/ssh/

  3. With your editor of choice, modify /etc/ssh/sshd_config by appending the following lines.

    # strongDM CA
    TrustedUserCAKeys /etc/ssh/
  4. Restart the SSH service on this host for the changes to take effect. The command may differ based on your system configuration, but here is an example:

    sudo systemctl restart ssh

For more settings see ssh certificate auth

If any errors occur, please copy them into an email and send to

Add an SSH Server with a Customer-Managed Key