nullroute | SSH cert authority

Servers running recent enough OpenSSH versions can have their SSH host keys signed. This does not use X.509 and is for convenience only; if the cert-authority is not trusted, SSH will fall back to usual verification methods. The cert-authority keys are included below.

Also see individual hosts and the X.509 certificate authority.

Nullroute – host CA

Domains: *.nullroute.eu.org

Public key: nullroute-host-ca.pub

Entry for known_hosts:

@cert-authority *.nullroute.eu.org ecdsa-sha2-nistp384 AAAAE2VjZHNhLXN
oYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAjiC5bIBSWDhU9FogwbJE6CnyOJ/QXvz
itk+XxAiBTpA24tJedib7o8y+fZD3hur056ae5KSZqEDMLD8if99XrB+j1cwGa2l9O3Xwq
03S19lxGmgTbeHRVf20s4UtgLSw== nullroute.eu.org host CA (2012-04-09)

Cluenet – host CA

Domains: *.cluenet.org

Public key: cluenet-host-ca.pub

Entry for known_hosts:

@cert-authority *.cluenet.org ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTIt
bmlzdHAzODQAAAAIbmlzdHAzODQAAABhBFX4UjYDzU5Y/eA7qyM3aIPlxuIcm/ZXH9jpO3
95roFbPxCruAhh4mEL30qpp+jHUOBqtwVC90t9WfmzMYObGcFnAB53Bck8CzGk99LLMk18
u1CanrKcWGjmi+6AMGabGg== cluenet.org host CA (2012-03-26)

Nullroute – user CA

Public key: nullroute-user-ca.pub

Entry for authorized_keys:

cert-authority ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAA
IbmlzdHAzODQAAABhBDfiMJ2Z3bxwlugnGRCn4VIof+UqS0eIOsguHiDyFSJneCJ5VNYe8
maEZJIOH8c3VRusAbmwOsCuvFEuhzAObX2FUir9sfCA4V1wdp1iOLQw0jChhAxKokejM5h
vbkPt+g== nullroute.eu.org user CA (2012-04-09)

Cluenet – user CA

Public key: cluenet-user-ca.pub

Entry for authorized_keys:

cert-authority ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAA
IbmlzdHAzODQAAABhBPraNB+KYUuJQYoPk0Y6VSppdvk/yJ+29hJcxmPbPTE+5yAZYRTYP
80bNvxgp2QTO8L5z5s24fAe/+zwrbHq7gpHv/xYx0+MtEhn8WNQznDoELiFxTnKhEB1RmI
plsiRxw== cluenet.org user CA (2012-03-26)