Add an SSH Server with Certificate Auth
From the Servers section on the left hand side, select
add server. Choose
SSH (Certificate Based) as the Server Type and fill in the host's details. If everything has been configured correctly the healthcheck should turn green.
Adding the strongDM CA to your hosts
If you have not already, add your organization's CA public key to the targeted host.
Create a file named
/etc/ssh/sdm_ca.puband add the CA public key shown in the previous section.
Update the file's permissions since SSH can sometimes be unpredictable with permissions not set correctly:
sudo chmod 600 /etc/ssh/sdm_ca.pub
With your editor of choice, modify
/etc/ssh/sshd_configby appending the following lines.# strongDM CATrustedUserCAKeys /etc/ssh/sdm_ca.pub
Restart the SSH service on this host for the changes to take effect. The command may differ based on your system configuration, but here is an example:sudo systemctl restart ssh
For more settings see ssh certificate auth
If any errors occur, please copy them into an email and send to firstname.lastname@example.org.