Cheat Sheet logoCheat Sheet Today
OpenSSH Server Admin Cheat Sheet/Sign a user public key

Create a short-lived user certificate from a CA.

Back to sheetBrowse commands
Sign in to save
Section: Server Keys and Certificates

Sign a user public key

bash
bash
ssh-keygen -s ~/.ssh/ca_user -I alice@example.com -n alice -V +52w ~/.ssh/id_ed25519.pub
Explanation

Create a short-lived user certificate from a CA.

View in sheet →

Learn the surrounding workflow

Compare similar commands or jump into common fixes when this command is part of a bigger troubleshooting path.

Compare commandsView fixes

Related commands

Same sheet · prioritizing Server Keys and Certificates
Generate a user CA key
Create a key pair for signing user certificates.
OpenIn sheetbashsame section
Trust a user CA in sshd_config
Allow user certificates signed by a trusted CA.
OpenIn sheetsshdconfigsame section
Trust a host CA in known_hosts
Trust host certificates signed by a CA.
OpenIn sheettextsame section
Generate a host Ed25519 key
Create an Ed25519 host key for sshd.
OpenIn sheetbashsame section
Test sshd configuration
Validate sshd_config syntax before restart.
OpenIn sheetbash1 tag match
Disable password authentication
Require key-based authentication on the server.
OpenIn sheetsshdconfig1 tag match