How do I issue server keys on linux that allow any client who has the keys to connect via ssh?

Question

I would like to issue keys from a server, allowing each client to connect via ssh without a username and a password. I do not want the client to generate a key and then add it to the server's known_hosts but rather have a solution that works without that part. I think there is an option to issue a certificate authority key pair on the server, store it somewhere safe and then give it to any client to sign its own key and then connect to the server without any other prior step. I am failing with the syntax probably, and it works on some machines but doesn't work on others.

What is the correct flow in preparation of the keys and then in using them to connect?

Thanks

Answer 1

The easiest and convenient option would be:

1. Generate ssh key public and private key pairs on the server using ssh-keygen
2. Distribute the public key on all the client nodes via configuration management tool like Ansible or Puppet.
3. Make sure ssh password less login is enabled in the sshd config file on the service side.