How to use letsencrypt certificates as host key for ssh server? [Solved]

Bliepo · January 29, 2016, 4:33pm

Hey there!
I have recently used the Let’s Encrypt service to receive my own free SSL/TLS certificate and it’s working great! I have already deployed it for the home web, ftp and mail server I run and I am very satisfied about it.

However, I started wondering whether it would be possible to use the certificate for my ssh server as well. Currently, I’m using keys I created using ssh keygen, but those do not provide validation and hence trigger a warning when one connects the first time. I tried searching but I found info about this rather confusing?

Summarizing:

Is it possible to use the Let’s Encrypt certificate for an SSH server?
If so, how should I configure SSH for this to work?

The operating system is Debian btw.

kroboto · January 29, 2016, 4:47pm

Possible but not really worth the hassle. If my memory serves me well, SSH client does not do chains and will still give warning on first connection as Lets Encrypt certs are cross signed vs being their own root.

TCM · January 30, 2016, 12:48am

You’re looking for https://tools.ietf.org/html/rfc4255

Archer · January 30, 2016, 8:39am

I don't believe this is the case. Every time you initially connect to a new host via SSH, an entry containing information about the new host is appended to a file usually located in .ssh/known_hosts.

--..Archer

kerio · January 30, 2016, 6:20pm

SSH doesn’t use X.509, and it doesn’t use the same PKI as https does.