Using SSH with SSH certificates

OpenSSH itself supports SSH Certificates that are not X.509 Certificates. As of EJBCA 7.4, basic issuance of SSH certificates are available in EJBCA.

Using SSH with X.509 certificates

The following resources provide some guidance for using SSH with X.509 certificates, or more commonly with smart cards and USB tokens:

• https://github.com/OpenSC/OpenSC/wiki/OpenSSH-and-smart-cards-PKCS%2311

• https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html

• https://access.redhat.com/articles/1523343

For information on using SSH with X.509 certificates there are a number of (mostly outdated) resources you can find, for example this OpenSSH and X509 authentication guide by Bruno Bonfils.