Your browser does not allow storing cookies. We recommend enabling them.
In the following example we first receive the CA certificate from the PKI interoperability site of SSH Communications Security.
$$ ssh-scepclient GET-CA \
-o ca http://pki.ssh.com:8080/scep/ \
Received CA/RA certificate ca-0.ca:
Then we enroll an RSA certificate. The user is authenticated to the CA with the key
ssh. The subject name and alternative IP address are given, as well as key-usage flags.
$$ ssh-scepclient ENROLL \
-C ca-0.ca -p ssh \
-o subject -P generate://pkcs8:ssh@rsa:1024/subject \
-s 'C=FI,O=SSH,CN=SCEP Example;IP=18.104.22.168' \
-u digitalsignature \
Received user certificate subject-0.crt:
$$ ls subject*
[Front page] [Index]
Reduce Secure Shell risk. Get to know the NIST 7966.
The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
ISACA Practitioner Guide for SSH
With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.