Question

I have been through some basics about setting up SSH tunneling via e.g. PuTTY. One question: how to let the two SSH ends authenticate each other based on certificates? For example, using SSH tunneling for remote VNC access...

VNC == SSH (A) ===== SSH (B) === VNC 

I want A and B to authenticate each other. It is arguable that VNC could have its own password for protection. But that is not the point here. I could have many apps running on A and B that do not necessarily have usr/pwd protection.

I checked the PuTTY config; there seems to be no option for using a certificate. Someone suggested stunnel, but I would like to see if it is doable using SSH directly. Thanks for the suggestion.


Solution

Any particular reason you need to use certificates, and not just ssh keys? The only reason I'm aware of is it takes the burden off of the host administrator from managing a complex configuration of authorized_keys files on hosts which have a lot of users who login.

OpenSSH introduced certificates in version 5.4, so make sure you're running at least that version on the server side. The client must support SSH certificates as well, and it is unclear to me at this moment if putty supports it. It does support ssh keys however, and unless you specifically need certificates, key-based authentication should be all you need.

Here is a good read on SSH certificates: http://blog.habets.pp.se/2011/07/OpenSSH-certificates

If you just need a way to log in without being prompted for a password, then just use ssh keys (which is what certificates use anyway).

You say this:

I want A and B to authenticate each other.

Whether you use keys or certificates, you get this already out of the ssh protocol itself. When the client connects to the server, it compares the host key to its local known_hosts files. If it's the first time you've ever gone to that server, it asks you if you want to accept it. If the server's key changed since you logged in, you get the man-in-the-middle warning and, based on your client configuration, it asks you whether it's OK to proceed or simply doesn't let you continue.

This is the process of the server authenticating itself to the client, which happens before the client attempts to authenticate to the server.
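Added example (not part of the answer above): how the OpenSSH certificate setup the answer describes is produced with ssh-keygen, so that both ends are authenticated by a certificate rather than a pinned key or an authorized_keys entry. The CA name, the hostname hostB.example.test and the login name alice are assumptions; the sshd_config fragment shows where the files would go on B.

```shell
#!/bin/sh
# OpenSSH certificate demo: one CA signs B's host key (host cert) and A's user key (user cert).
# Requires ssh-keygen from OpenSSH >= 5.4 (ed25519 keys need >= 6.5). All names are constructed.
set -eu

setup_ssh_ca_demo() {
  work="$1"
  mkdir -p "$work"
  # 1. CA key pair. Only ca.pub is distributed; ca (the private key) stays offline.
  ssh-keygen -q -t ed25519 -N '' -C 'demo-ca' -f "$work/ca"
  # 2. Host key for B, signed as a host certificate (-h). The principal must be the
  #    name the client connects to, otherwise the client rejects the certificate.
  ssh-keygen -q -t ed25519 -N '' -f "$work/ssh_host_ed25519_key"
  ssh-keygen -q -s "$work/ca" -I 'hostB-cert' -h -n 'hostB.example.test' \
    -V '-5m:+52w' "$work/ssh_host_ed25519_key.pub"
  # 3. User key on A, signed as a user certificate. The principal is the account
  #    the holder may log in as; a short validity window limits the blast radius.
  ssh-keygen -q -t ed25519 -N '' -f "$work/id_ed25519"
  ssh-keygen -q -s "$work/ca" -I 'alice-cert' -n 'alice' -V '-5m:+1d' "$work/id_ed25519.pub"
  # 4. Client side (A): trust any host certificate for this name signed by the CA,
  #    instead of pinning B's individual host key in known_hosts.
  printf '@cert-authority hostB.example.test %s\n' "$(cat "$work/ca.pub")" > "$work/known_hosts"
  # 5. Server side (B): present the host certificate and accept user certificates
  #    signed by the CA (paths are where the files would live on B).
  cat > "$work/sshd_config.fragment" <<'EOF'
HostKey /etc/ssh/ssh_host_ed25519_key
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
TrustedUserCAKeys /etc/ssh/ca.pub
EOF
}

# Returns 0 when the decoded certificate (ssh-keygen -L) contains the given text,
# e.g. its type ("host certificate") or a principal ("alice").
cert_shows() {
  ssh-keygen -L -f "$1" | grep -q "$2"
}
```

Inspect the resulting files with `ssh-keygen -L -f <cert>` to confirm the type, principals and validity period before deploying them.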

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow