In Depth "How the step-ca SSH world works"

[maraino]

Description

Perhaps because of Tiny CA blog post there has been discussions github about the use of SSH certificates, for windows and posix-like OSes. I've been describing more or less how step ssh config works, how step ssh proxycommand works and how to configure it to use your oidc provider, ...

For windows users I've been pointing to microsoft docs on how to install OpenSSH and active the ssh-agent.
Our current turorials on smallstep.com/docs are focussed on X.509 rather than SSH. We need to add some docs there describing all the steps required, and how you can configure a client and a host properly.

And also add docs on how to configure the host if you don't have access to sshd_config. A user wants to use TinyCA to generate SSH certificatets, with help, his managed to generate SSH keys in yubikey and have that sign certificates, he wants to connect to HPC clusters with those certificates. Mike also helped with this.

See for example:

• HPC cluster host for SSH certificate/SSO authentication, possible to setup as a user and not admin? certificates#443
• How is 'step' used on the client side for admin work ? certificates#444

[dopey]

• Deep dive of how step ssh works.
• Client instructions for Windows openSSH + ssh-agent activation (could be just links to other resources)
• What to do if you don't have access to sshd (user level host config)

We should split Getting Started into Getting Started X509/TLS and Getting Started SSH and same for Core Concepts and Basic CA Operations pages.

[tashian]

I've started work on this in carl/ssh-intros.