We sign the ssh fingerprints used to identify all managed linux computers (workstations and servers) in the department. This means you can add the public key of our certification authority to your ssh client and thereby have it trust the identity of our ssh servers without having to manually verify host key fingerprints. Please note that the ssh client on all departmentally-managed linux workstations is automatically configured to trust appropriately-signed ssh fingerprints.
If you configure your SSH client as described below but receive any kind of message about an unknown host key when connecting to a managed Chemistry linux computer, please close the connection attempt and email support@ch.cam.ac.uk
OpenSSH and similar
Edit your ~/.ssh/known_hosts file and add the following line (N.B. this should be one single line with no line breaks other than potentially at the end) to automatically accept properly-signed host keys when ssh'ing to any computer with a hostname ending ch.cam.ac.uk or ch.private.cam.ac.uk .
@cert-authority *.ch.cam.ac.uk,*.ch.private.cam.ac.uk ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3tqAJPFd1onW4gMwOXVSPDFIamOMPP86KAcMYdIqsNHlT3i5qB4QV/HQlPVjzAck4SbpZZ3PJqmY1qWyOm/SF3aKgwl16lR64WeputKXobvoWahJ4HlLel761czrSm4FDq83ifUKPD1ZE7BquT25jfb9Yrzmjda6CqJhzuzlA/+qzmuEKDJJ/9OC0JZOEJW6EOR/KG11tnA5OphcUvfrp1Kg0SReXptv/FEJSnPvi2sZnEkLsPKl/63qoi3g/puMIX9JXGoXAgz59/PRWnrunQ7F5SYPoMeCMomv44dGUhnQ7rjjk/lSXl8Hejy1gwkHusdKwJqMwbQmvClUtIqn3 chemistry-CA
MobaXTerm
MobaXTerm uses OpenSSH, so follow the instructions above.
PuTTY
PuTTY added support for SSH certificates in version 0.78. To trust our certificate authority, run PuTTY (after confirming you have an up-to-date version), browse to Connection > SSH > Host keys and click Configure host CAs.
Then enter the following information:
- Name for this CA: Chemistry CA (or any other name you want to use to identify the CA)
- Public key of certificate authority: AAAAB3NzaC1yc2EAAAADAQABAAABAQC3tqAJPFd1onW4gMwOXVSPDFIamOMPP86KAcMYdIqsNHlT3i5qB4QV/HQlPVjzAck4SbpZZ3PJqmY1qWyOm/SF3aKgwl16lR64WeputKXobvoWahJ4HlLel761czrSm4FDq83ifUKPD1ZE7BquT25jfb9Yrzmjda6CqJhzuzlA/+qzmuEKDJJ/9OC0JZOEJW6EOR/KG11tnA5OphcUvfrp1Kg0SReXptv/FEJSnPvi2sZnEkLsPKl/63qoi3g/puMIX9JXGoXAgz59/PRWnrunQ7F5SYPoMeCMomv44dGUhnQ7rjjk/lSXl8Hejy1gwkHusdKwJqMwbQmvClUtIqn3
- Valid hosts this key is trusted to certify: *.ch.cam.ac.uk || *.ch.private.cam.ac.uk
Then click Save at the top-right, and finally click Done to close the window.
