Configure host to use SSH certs on the host and client side.

host_config/sign_user_pub.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
+user_ca_key="${SCRIPT_DIR}/ssh_certs/user_ca"
+
+if [ ! -f "${user_ca_key}" ]
+then
+  echo "User CA key not found."
+  exit 1
+fi
+
+username=$1
+principals=$2
+user_pub=$3
+
+if [ ! -f "${user_pub}" ]
+then
+    echo "User public key not found."
+    exit 1
+fi
+
+ssh-keygen -s "${user_ca_key}" -I "${username}" -n "${principals}" -V +52w "${user_pub}"
+echo "Done!"