SSH CA use-case with Vault
In this scenario we are going to set up Vault to sign SSH keys using an internal CA. We will configure the SSH secrets engine and create a CA within Vault. We will then configure an SSH server to trust the CA key we just created. Finally we will attempt to SSH using a private key, and a public key signed by Vault SSH CA.
- This guide assumes you have already provisioned a Vault server, SSH host using OpenSSH server, and a SSH client machine.
- The client system must be able to reach the Vault server and the OpenSSH server.
- We will refer to these systems respectively as: