In addition to conventional keys and certificates stored as files on disk, several external key providers are available for accessing keys and certificates stored in hardware tokens or external software modules.
The example below initializes the software external key provider, which is used to access keys and certificates on disk, and instructs it to read all keys in /etc/ssh2/hostkeys.
<params>
  <hostkey>
    <externalkey type="software" init-info="directory(/etc/ssh2/hostkeys)"/>
  </hostkey>
  ...
</params>
Each hostkey element can be used for setting up one external key provider. Each key provider may provide any number of keys to the server. Note that, because of the limitations of the SSH2 protocol, configuring more than one key of each type (RSA, DSA, ECDSA, Ed25519, X.509 certificate with RSA key, X.509 certificate with DSA key, and X.509 certificate with ECDSA key) is discouraged: a client can only be offered one host key per key type.
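The following is an added configuration example, not taken from the product documentation, showing one conventional host key stored as files next to one external key provider; the private/public file elements are assumed from the server's file-based hostkey syntax and should be checked against ssh-server-config(5).

```xml
<params>
  <!-- Conventional Ed25519 host key stored as files on disk (assumed element names) -->
  <hostkey>
    <private file="/etc/ssh2/hostkey_ed25519"/>
    <public file="/etc/ssh2/hostkey_ed25519.pub"/>
  </hostkey>
  <!-- Software external key provider reading every key in the directory.
       Keep the directory to at most one key per type (e.g. one RSA and one
       ECDSA key); a second RSA key here would duplicate a type and is
       discouraged by the SSH2 protocol limitation described above. -->
  <hostkey>
    <externalkey type="software" init-info="directory(/etc/ssh2/hostkeys)"/>
  </hostkey>
</params>
```

The two hostkey elements together must still yield only one key of each type, so audit the provider directory whenever a key is added.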
For more information on the different external keys and their initialization strings, see externalkey in ssh-server-config(5).