Example: Configuring PKI for SSH Secure Login Using X509v3 Certificates

The following is an example on how to use the ExtremeXOS PKI for SSH secure login using X509v3 certificates.

For example purposes, the following has been considered:

• OpenSSL is used to generate the trusted CA certificates and SSH client certificates.
• CommonIssuerModel is used for OCSP.
• OpenSSL‘s OCSP utility is used.
• Roumenpetrov‘s “PKIX-SSH” withX.509 v3 certificate support is used as an SSH client.

See the following topics for an example:

• Generating Certificates Using OpenSSL
• Downloading the Trusted Certificate to the ExtremeXOS PKI and Configuring the User Accounts
• Using OpenSSL OCSP Utility
• Using Roumenpetrov‘s “PKIX-SSH” SSH Client for Logging
• The openssl.cnf file Used in This Example