OpenSSH Certificates
ZestSSH supports OpenSSH certificate authentication, which uses certificates signed by a trusted Certificate Authority (CA) instead of raw public keys. This simplifies key management in larger environments.
Availability: Free tier — All platforms
Overview
With certificate authentication:
- A Certificate Authority (CA) signs user keys, producing a certificate.
- The server is configured to trust the CA instead of individual public keys.
- Any key signed by the trusted CA is accepted without being listed in authorized_keys.
This eliminates the need to distribute individual public keys to every server.
How to Use
- Have your SSH CA sign your public key to produce a certificate file (e.g., id_ed25519-cert.pub).
- Import both the private key and its associated certificate into ZestSSH.
- Configure the connection to use the key with the certificate.
- The server validates the certificate against its trusted CA and grants access.
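The steps above, run end to end with the stock OpenSSH ssh-keygen tool, as an added example that is not part of the ZestSSH documentation. The file names, the key ID alice-laptop, the principal alice, the 8-hour lifetime and the /etc/ssh/user_ca.pub path are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: file names, key ID, principal and lifetime are constructed.

# make_keys DIR: create a CA key pair and a user key pair (no passphrases, demo only).
make_keys() {
    ssh-keygen -q -t ed25519 -N '' -C 'example-user-ca' -f "$1/user_ca" &&
    ssh-keygen -q -t ed25519 -N '' -C 'alice' -f "$1/id_ed25519"
}

# sign_user_key DIR KEY_ID PRINCIPAL VALIDITY: writes DIR/id_ed25519-cert.pub.
sign_user_key() {
    ssh-keygen -q -s "$1/user_ca" -I "$2" -n "$3" -V "$4" "$1/id_ed25519.pub"
}

# cert_ca_fp CERT: fingerprint of the CA key that signed CERT.
cert_ca_fp() {
    ssh-keygen -L -f "$1" | awk '/Signing CA:/ { print $4 }'
}

# key_fp PUBKEY: fingerprint of a public key file.
key_fp() {
    ssh-keygen -l -f "$1" | awk '{ print $2 }'
}

# signed_by DIR: succeeds only if the certificate was issued by DIR/user_ca.
signed_by() {
    [ -n "$(cert_ca_fp "$1/id_ed25519-cert.pub")" ] &&
    [ "$(cert_ca_fp "$1/id_ed25519-cert.pub")" = "$(key_fp "$1/user_ca.pub")" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    make_keys "$dir" && sign_user_key "$dir" 'alice-laptop' 'alice' '+8h' || return 1
    ssh-keygen -L -f "$dir/id_ed25519-cert.pub"   # shows Key ID, Valid, Principals
    signed_by "$dir" && echo "certificate chains to the expected CA"
    # Server side, in sshd_config:  TrustedUserCAKeys /etc/ssh/user_ca.pub
    # Client side: import id_ed25519 and id_ed25519-cert.pub together.
    rm -rf "$dir"
}
demo
```

Comparing the Signing CA fingerprint with the CA public key before importing a certificate confirms it was issued by the CA the server trusts.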
When to Use Certificates
Certificate authentication is most useful in:
- Organizations managing many servers and users.
- Environments where public key distribution is impractical.
- Short-lived access scenarios where certificates have expiration dates.
For personal use or small environments, standard public key authentication is usually simpler.