How to use letsencrypt certificates as host key for ssh server? [Solved]


#1

Hey there!
I have recently used the Let’s Encrypt service to receive my own free SSL/TLS certificate and it’s working great! I have already deployed it for the home web, ftp and mail server I run and I am very satisfied with it.

However, I started wondering whether it would be possible to use the certificate for my ssh server as well. Currently, I’m using keys I created using ssh-keygen, but those do not provide validation and hence trigger a warning when one connects for the first time. I tried searching, but I found the info about this rather confusing.

Summarizing:

  1. Is it possible to use the Let’s Encrypt certificate for an SSH server?
  2. If so, how should I configure SSH for this to work?

The operating system is Debian btw.


#2

Possible but not really worth the hassle. If my memory serves me well, the SSH client does not do chains and will still give a warning on first connection, as Let’s Encrypt certs are cross-signed rather than being their own root.


#3

You’re looking for https://tools.ietf.org/html/rfc4255

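Added example (not from any poster in this thread, not OpenSSH's own code): RFC 4255 publishes a hash of the host's public key in DNS as an SSHFP record, and an SSH client with `VerifyHostKeyDNS` enabled checks the key the server offers against that record instead of asking the user on first connection. The script below builds the SSHFP records for an OpenSSH public-key line, exactly the fields `ssh-keygen -r` prints, and performs the client-side comparison. The host key it uses is constructed inline (a syntactically valid ssh-ed25519 line, not a real key) and the hostname `example.net` is an assumption.

```python
"""Build and check SSHFP (RFC 4255) records from an OpenSSH host key line."""
import base64
import hashlib
import hmac
import struct

# Code points from RFC 4255 (RSA, DSA, SHA-1), RFC 6594 (ECDSA, SHA-256)
# and RFC 7479 (Ed25519).
SSHFP_ALGORITHM = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
SSHFP_FPTYPE = {"sha1": 1, "sha256": 2}


def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: uint32 big-endian length, then bytes."""
    return struct.pack(">I", len(data)) + data


# Constructed sample for this example: the 32-byte "point" is just 0x00..0x1f,
# so this is NOT a usable key, only a well-formed public-key line.
SAMPLE_HOST_KEY = (
    "ssh-ed25519 "
    + base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))).decode()
    + " root@example.net"
)


def parse_public_key_line(line: str):
    """Split an OpenSSH public-key line into (key type, raw key blob).

    The blob is the base64 payload.  Its first wire string repeats the key
    type, and the whole blob is what SSHFP fingerprints are computed over.
    """
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    keytype = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode():
        raise ValueError("key type in text field does not match the blob")
    if keytype not in SSHFP_ALGORITHM:
        raise ValueError(f"no SSHFP algorithm code point for {keytype}")
    return keytype, blob


def sshfp_records(hostname: str, line: str, fptypes=("sha1", "sha256")):
    """Return zone-file SSHFP lines for the host key, one per fingerprint type."""
    keytype, blob = parse_public_key_line(line)
    alg = SSHFP_ALGORITHM[keytype]
    return [
        f"{hostname} IN SSHFP {alg} {SSHFP_FPTYPE[fp]} {hashlib.new(fp, blob).hexdigest()}"
        for fp in fptypes
    ]


def host_key_matches_sshfp(line: str, rdata: str) -> bool:
    """Client-side check: does the key the server offered match one SSHFP RDATA
    ("alg fptype hexfingerprint" as returned by DNS)?  Malformed RDATA, an
    unknown fingerprint type or an algorithm mismatch all count as no match."""
    keytype, blob = parse_public_key_line(line)
    try:
        alg_s, fptype_s, hexfp = rdata.split()
        alg, fptype = int(alg_s), int(fptype_s)
        published = bytes.fromhex(hexfp)
    except ValueError:
        return False
    if alg != SSHFP_ALGORITHM[keytype]:
        return False
    name = {v: k for k, v in SSHFP_FPTYPE.items()}.get(fptype)
    if name is None:
        return False
    return hmac.compare_digest(hashlib.new(name, blob).digest(), published)


if __name__ == "__main__":
    for rr in sshfp_records("example.net", SAMPLE_HOST_KEY):
        print(rr)
```

On a real host, `ssh-keygen -r example.net -f /etc/ssh/ssh_host_ed25519_key.pub` prints the same two records for publication in the zone. On the client side, `VerifyHostKeyDNS yes` in `ssh_config` makes OpenSSH accept a matching record without prompting only when the resolver reports the answer as DNSSEC-validated; a matching but unvalidated answer is treated like `ask`, so without DNSSEC the first-connection prompt remains.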

#4

I don’t believe this is the case. Every time you initially connect to a new host via SSH, an entry containing information about the new host is appended to a file usually located in .ssh/known_hosts.

–…Archer


#5

SSH doesn’t use X.509, and it doesn’t use the same PKI as https does.