
AD SSH & Certificate-Based Login Cheatsheet: Secure and Effortless Authentication

Introduction

This cheatsheet collects the client-side commands for tying SSH logins to Active Directory (an on-premises domain reached through sssd and Kerberos, or Microsoft Entra ID, formerly Azure AD) and for logging in with OpenSSH certificates instead of static keys. It assumes the host owner has already done the server side (sssd or another AuthorizedKeysCommand that looks keys up in the directory, or TrustedUserCAKeys for certificates); where a command applies to only one flavour of AD, the section says so.

Table of Contents

1. Generate SSH Key Pair
2. Add SSH Key to AD Account
3. Configure SSH for AD Authentication
4. Test SSH Connection
5. Login via SSH with Certificate
6. Convert PEM to PPK (Windows)
7. List SSH Keys in AD
8. Remove SSH Key from AD
9. Troubleshoot SSH Connection
10. Automate SSH Login with Cert
1. Generate SSH Key Pair

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Prefer -t ed25519 where every host you log in to runs OpenSSH 6.5 or newer; keep RSA 4096 for older hosts or PuTTY versions that need it. Accept the passphrase prompt: the private key stays on your machine and is what an attacker needs, while the -C comment is only a label and is not checked by the server.

2. Add SSH Key to AD Account

Register the public half only (id_rsa.pub, never id_rsa). Example using the Azure CLI against Entra ID:

az ad user update --id <userPrincipalName> --set sshPublicKey="$(cat ~/.ssh/id_rsa.pub)"

Caveat: sshPublicKey is not a built-in Entra ID user attribute, and the generic --set/--remove arguments shown here only work if the directory accepts that property; Azure CLI 2.37 and later talk to Microsoft Graph and may reject it. In an on-premises domain the equivalent is the openssh-lpk sshPublicKey attribute (or altSecurityIdentities), set with Set-ADUser or ADSI Edit and read on the host by sssd's sss_ssh_authorizedkeys. Whichever store you use, confirm the host can read the key back (section 9) before relying on it.

3. Configure SSH for AD Authentication

Edit your SSH config file (~/.ssh/config). This stanza only gives the host a short alias and pins the key to offer; the AD part happens on the server, which looks the key up in the directory under the login name it receives:

Host myadhost
    HostName <hostname>
    User <username>
    IdentityFile ~/.ssh/id_rsa

Set User to the login name the host resolves through AD (alice or alice@CORP.EXAMPLE, depending on the host's sssd settings). For Kerberos single sign-on instead of keys, the relevant client options are GSSAPIAuthentication yes and GSSAPIDelegateCredentials no; leave delegation off unless a host genuinely needs to act with your ticket.

4. Test SSH Connection

ssh myadhost

A working setup lands in a shell without a password prompt. If you are asked for a password, the host accepted the connection but did not find your key or ticket; go to section 9 before changing anything else.

5. Login via SSH with Certificate

ssh -i ~/.ssh/id_rsa <username>@<hostname>

-i names the private key, not the certificate. An OpenSSH certificate is the signed public key (id_rsa-cert.pub, issued by the CA with ssh-keygen -s); ssh loads it automatically when it sits next to the private key, or from the path given with -o CertificateFile=... when it does not. A .pem file is a private key in PEM encoding (what cloud key pairs are downloaded as), so "ssh -i cert.pem" works only because the file is really a key; no certificate is involved. For Entra ID, the az ssh extension (az ssh vm, az ssh config) issues a short-lived certificate tied to your directory login, with the host side provided by the AADSSHLoginForLinux VM extension; for any other CA the host must list it in TrustedUserCAKeys.
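Worked example, added here and not part of the original cheatsheet: a POSIX shell script that stands up a throwaway CA, signs a user key into an OpenSSH certificate, and then inspects it the way sshd does (principals, issuing CA, validity). It needs only ssh-keygen; the CA name, the user "alice", the principals and the key ID are made-up values for the demo.

```shell
#!/bin/sh
# Added example, not from the original cheatsheet: issue an OpenSSH user
# certificate from a throwaway CA and inspect it the way sshd will before
# deciding whether to accept the login. Needs only ssh-keygen (OpenSSH 7.x+).
# The CA name, "alice", the principals and the key ID are invented for the demo.
set -eu

# Create a CA key pair and a user key pair in DIR. They are passphrase-less only
# because they are disposable; a real user CA key stays offline or in an HSM.
make_keys() {
  dir=$1
  ssh-keygen -q -t ed25519 -N '' -C 'demo-user-ca' -f "$dir/user_ca"
  ssh-keygen -q -t ed25519 -N '' -C 'alice@example.com' -f "$dir/id_ed25519"
}

# Sign the user's public key. -I is the key ID sshd writes to its log, -n the
# principals (login names the cert may be used for), -V the validity window
# (+1h = from now for one hour). Output: DIR/id_ed25519-cert.pub, which ssh
# finds automatically because it sits next to id_ed25519.
issue_cert() {
  dir=$1; key_id=$2; principals=$3; validity=$4
  ssh-keygen -q -s "$dir/user_ca" -I "$key_id" -n "$principals" -V "$validity" \
    "$dir/id_ed25519.pub"
}

# Comma-separated principals embedded in a certificate, parsed from ssh-keygen -L.
cert_principals() {
  ssh-keygen -L -f "$1" | awk '
    /Principals:/       { p = 1; next }
    /Critical Options:/ { p = 0 }
    p                   { s = s (s == "" ? "" : ",") $1 }
    END                 { print s }'
}

# SHA256 fingerprint of the CA that signed a certificate.
cert_ca_fingerprint() {
  ssh-keygen -L -f "$1" | awk '/Signing CA:/ { print $4 }'
}

# SHA256 fingerprint of a public key file, in the same format for comparison.
key_fingerprint() {
  ssh-keygen -lf "$1" | awk '{ print $2 }'
}

# Is USER one of the certificate's principals? sshd makes exactly this check
# (plus validity and CA trust via TrustedUserCAKeys) before accepting the key.
cert_allows_user() {
  cert_principals "$1" | tr ',' '\n' | grep -qx "$2"
}

main() {
  work=$(mktemp -d)
  trap 'rm -rf "$work"' EXIT
  make_keys "$work"
  issue_cert "$work" 'alice-laptop' 'alice,adm-alice' '+1h'
  cert="$work/id_ed25519-cert.pub"

  echo "principals:      $(cert_principals "$cert")"
  echo "signed by CA:    $(cert_ca_fingerprint "$cert")"
  echo "user_ca.pub is:  $(key_fingerprint "$work/user_ca.pub")"
  cert_allows_user "$cert" alice && echo "login as alice:  allowed"
  cert_allows_user "$cert" root  || echo "login as root:   not a principal, sshd refuses"

  # To use this for real: copy user_ca.pub to the host, add
  #   TrustedUserCAKeys /etc/ssh/user_ca.pub
  # to sshd_config, then simply: ssh -i "$work/id_ed25519" alice@host
  ssh-keygen -L -f "$cert"
}

if command -v ssh-keygen >/dev/null 2>&1; then
  main
else
  echo "ssh-keygen not found; install the OpenSSH client tools" >&2
fi
```

Run it as a script; it removes its temporary directory on exit. The cert_allows_user check is the one sshd performs against the principal list when the host has TrustedUserCAKeys set: a certificate whose principals do not include the login name is refused even though the CA is trusted, which is why the -n list should be the AD login names and nothing broader.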

6. Convert PEM to PPK (Windows)

PuTTY cannot read OpenSSH or PEM private keys directly. On Windows, open PuTTYgen, choose Conversions > Import key to load the .pem, then Save private key. The command-line form below is the Unix build of puttygen (the -O private output type is the default):

puttygen cert.pem -o cert.ppk

The .ppk holds the private key, so keep it off shared drives and give it a passphrase as you would the original.

7. List SSH Keys in AD

Example for Entra ID (works only if the sshPublicKey property was populated as in section 2; in an on-premises domain read the attribute with Get-ADUser -Properties sshPublicKey or ldapsearch):

az ad user show --id <userPrincipalName> --query sshPublicKey

Compare the result with ssh-keygen -lf ~/.ssh/id_rsa.pub by fingerprint rather than by eye; a stale key left in the directory keeps working until someone removes it.

8. Remove SSH Key from AD

az ad user update --id <userPrincipalName> --remove sshPublicKey

Do this the moment a laptop or key is lost (same schema caveat as section 2). Hosts using sssd cache directory lookups, so the old key may still be accepted until the cache expires or is cleared with sss_cache -E on each host.

9. Troubleshoot SSH Connection

ssh -vvv myadhost

The lines that decide the outcome are "Authentications that can continue:" (what the server offers), "Offering public key:" (what the client tried), "Server accepts key:" (the one that worked) and the final "Authentication succeeded (...)" or "Permission denied (...)". A GSSAPI failure followed by "No Kerberos credentials available" means you have no ticket: run kinit or log in through AD first. If every key is offered and none accepted, the host-side lookup (sssd, AuthorizedKeysCommand, TrustedUserCAKeys) is the place to look, starting with journalctl -u sshd on the host.
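Worked example, added here and not part of the original cheatsheet: a POSIX shell script using awk that pulls those lines out of a saved ssh -vvv transcript and turns them into a verdict and hints. The transcript it parses is constructed to resemble OpenSSH 8.x client debug output for a host that offers both Kerberos (gssapi-with-mic) and public keys; the paths and fingerprints are invented. Point the functions at your own log, captured with ssh -vvv myadhost 2> ssh.log.

```shell
#!/bin/sh
# Added example, not from the original cheatsheet: summarise an `ssh -vvv`
# transcript. The sample below is constructed to look like OpenSSH 8.x debug
# output; paths, fingerprints and the user are invented.
set -eu

# Write the constructed sample transcript to FILE.
write_sample_log() {
  cat > "$1" <<'EOF'
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug3: start over, passed a different list publickey,gssapi-keyex,gssapi-with-mic,password
debug3: preferred gssapi-with-mic,publickey,keyboard-interactive,password
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure.  Minor code may provide more information
No Kerberos credentials available (default cache: FILE:/tmp/krb5cc_1000)
debug1: Next authentication method: publickey
debug1: Offering public key: /home/alice/.ssh/id_ed25519 ED25519 SHA256:1rHj2v7Z3Qkq4xfVqz9Kf0Wd5mP8bN6cYtA2sLhE1oU alice@example.com
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Offering public key: /home/alice/.ssh/id_ed25519 ED25519-CERT SHA256:9pQw3xK7vL2mN8rT5yB4cF6hJ1dS0aG9eZ3uV7iO2kM alice@example.com
debug1: Server accepts key: /home/alice/.ssh/id_ed25519 ED25519-CERT SHA256:9pQw3xK7vL2mN8rT5yB4cF6hJ1dS0aG9eZ3uV7iO2kM alice@example.com
debug3: sign_and_send_pubkey: ED25519-CERT SHA256:9pQw3xK7vL2mN8rT5yB4cF6hJ1dS0aG9eZ3uV7iO2kM
debug1: Authentication succeeded (publickey).
EOF
}

# Methods the server announced in its first reply.
server_methods() {
  awk '/Authentications that can continue:/ { sub(/.*continue: /, ""); print; exit }' "$1"
}

# Every key (path and type) the client offered, one per line.
offered_keys() {
  awk '/Offering public key:/ { print $5 " (" $6 ")" }' "$1"
}

# The key the server accepted, if any.
accepted_key() {
  awk '/Server accepts key:/ { print $5 " (" $6 ")"; exit }' "$1"
}

# One-line verdict: which method won, or what the server still accepts after a refusal.
auth_outcome() {
  awk '
    /Authentication succeeded/ {
      s = $0; sub(/.*succeeded \(/, "", s); sub(/\).*/, "", s)
      print "succeeded via " s; done = 1; exit
    }
    /Permission denied/ {
      s = $0; sub(/.*denied \(/, "", s); sub(/\).*/, "", s)
      print "denied; server still accepts: " s; done = 1; exit
    }
    END { if (!done) print "no verdict: connection ended before authentication finished" }
  ' "$1"
}

# Hints keyed on the failure patterns most common with AD-backed hosts.
hints() {
  awk '
    /No Kerberos credentials available/ && !krb {
      krb = 1
      print "no Kerberos ticket in the cache: run kinit (or log in through AD) before relying on gssapi-with-mic"
    }
    /Offering public key:/     { offered++ }
    /Server accepts key:/      { accepted++ }
    /Authentication succeeded/ { ok = 1 }
    END {
      if (!ok && offered && !accepted)
        print "keys were offered but none accepted: check the host-side lookup (AuthorizedKeysCommand / sss_ssh_authorizedkeys) and that the key in AD matches"
      if (!ok && !offered)
        print "no key was offered: check IdentityFile in ~/.ssh/config or load the key with ssh-add"
    }
  ' "$1"
}

main() {
  log=$(mktemp)
  trap 'rm -f "$log"' EXIT
  write_sample_log "$log"
  echo "server offers:   $(server_methods "$log")"
  echo "client offered:"; offered_keys "$log" | sed 's/^/  /'
  echo "server accepted: $(accepted_key "$log")"
  echo "outcome:         $(auth_outcome "$log")"
  echo "hints:";          hints "$log" | sed 's/^/  /'
}

main
```

On the sample the verdict is that the certificate, not the plain key, was accepted after the Kerberos attempt failed for lack of a ticket; on a real transcript the hints narrow the fault to the client (no key offered), the host-side lookup (offered but never accepted) or Kerberos, which is usually enough to know which side to fix.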

10. Automate SSH Login with Cert

Example using ssh-agent. ssh-add takes the private key; when id_rsa-cert.pub sits beside it, the certificate is loaded into the agent with it:

eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa
ssh myadhost

The agent holds the decrypted key for the session, so lock it with ssh-add -x or give the key a lifetime with ssh-add -t when you step away, and do not enable ForwardAgent towards hosts you do not administer.