SSH Keys and Agent Cheat Sheet/Sign a host key with a CA

Create a host certificate from a host CA key.

Section: Authorized Keys and Host Keys

Sign a host key with a CA

bash
ssh-keygen -s ~/.ssh/ca_host -I host-web01 -h -n web01.example.com /etc/ssh/ssh_host_ed25519_key.pub
Explanation

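Create a host certificate from a host CA key. -s names the CA private key that signs, -I sets the key identity recorded in the certificate, -h requests a host certificate rather than a user certificate, and -n lists the principals (hostnames) the certificate is valid for. The certificate is written next to the public key as /etc/ssh/ssh_host_ed25519_key-cert.pub.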
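
Added example (not part of the original cheat sheet): the same signing command run end to end on throwaway keys in a temporary directory, then inspected with ssh-keygen -L. The temp paths, key comments, the -V +52w lifetime and the *.example.com pattern are assumptions chosen for the demo.

```shell
#!/usr/bin/env bash
# Demo only: every key here is generated fresh in a temp dir (constructed input).
set -eu

sign_demo_host_key() {
    workdir=$1
    # Host CA key pair. In production the private half stays off the servers.
    ssh-keygen -q -t ed25519 -N '' -C 'demo host CA' -f "$workdir/ca_host"
    # Stand-in for /etc/ssh/ssh_host_ed25519_key on web01.
    ssh-keygen -q -t ed25519 -N '' -C 'web01 host key' \
        -f "$workdir/ssh_host_ed25519_key"
    # Same flags as the cheat-sheet command, plus -V to bound the lifetime
    # so a leaked host key stops being trusted without a revocation step.
    ssh-keygen -q -s "$workdir/ca_host" -I host-web01 -h \
        -n web01.example.com -V +52w "$workdir/ssh_host_ed25519_key.pub"
    # ssh-keygen writes <key>-cert.pub beside the public key.
    printf '%s\n' "$workdir/ssh_host_ed25519_key-cert.pub"
}

cert_summary() {
    # Prints type, signing CA, key ID, validity window and principals.
    ssh-keygen -L -f "$1"
}

known_hosts_ca_line() {
    # Client-side trust anchor: accept host certificates signed by this CA
    # for hosts matching the pattern, instead of pinning each host key.
    printf '@cert-authority *.example.com %s\n' "$(cat "$1")"
}

if command -v ssh-keygen >/dev/null 2>&1; then
    tmp=$(mktemp -d)
    cert=$(sign_demo_host_key "$tmp")
    cert_summary "$cert"
    known_hosts_ca_line "$tmp/ca_host.pub"
    # Server side: sshd presents the certificate once this is configured.
    echo 'sshd_config: HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub'
    rm -rf "$tmp"
fi
```

Check the ssh-keygen -L output before deploying: the Type line must say "host certificate", and a client only accepts the certificate when the hostname it connects to appears under Principals.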


Related commands

Scan a host key: Fetch a server host key without logging in.
Install your public key on a server: Append your public key to a remote account's authorized_keys.
Install key on custom port: Use ssh-copy-id with a non-default SSH port.
Add a host key to known_hosts: Append a scanned host key to your known_hosts file.
Find a host in known_hosts: Search known_hosts for a specific host entry.
Remove a host from known_hosts: Delete stale host key entries for a host.