nullroute | SSH cert authority

Servers running recent enough OpenSSH versions can have their SSH host keys signed. This does not use X.509 and is for convenience only; if the cert-authority is not trusted, SSH will fall back to usual verification methods. The cert-authority keys are included below.

Also see individual hosts and the X.509 certificate authority.

Cluenet CAs have been removed, as the project is closed.

Host CA

Entry for known_hosts:

@cert-authority *.nullroute.eu.org ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAjiC5bIBSWDhU9FogwbJE6CnyOJ/QXvzitk+XxAiBTpA24tJedib7o8y+fZD3hur056ae5KSZqEDMLD8if99XrB+j1cwGa2l9O3Xwq03S19lxGmgTbeHRVf20s4UtgLSw== nullroute.eu.org host CA (2012-04-09)
@cert-authority *.nullroute.eu.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINi9073+XIwMND7qY5fFcz3tu2Oqp5ehgFAV0APFiyRq nullroute.eu.org host CA (2018-03-23)

User CA

Entry for authorized_keys:

cert-authority ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDfiMJ2Z3bxwlugnGRCn4VIof+UqS0eIOsguHiDyFSJneCJ5VNYe8maEZJIOH8c3VRusAbmwOsCuvFEuhzAObX2FUir9sfCA4V1wdp1iOLQw0jChhAxKokejM5hvbkPt+g== nullroute.eu.org user CA (2012-04-09)
cert-authority ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjI+JWugdI4Q0j7L9rGQb9A2RqDwJRJ5m7Tqhsa1ryB nullroute.eu.org user CA (2018-03-23)