Python equivalent of ssh-keygen command (create and sign user certificate)

Question

I looking for a way to get a signed openssh user certificate without using the subprocess library, equivalent to the following command:

ssh-keygen -s user_ca -I ID_USER -n user1,user2 -V+1d user-key.pub

Output:

ssh-rsa-cert-v01@openssh.com AAAAHHNza ... user@hostname

Does this answer your question? [How to generate SSH key pairs with Python](https://stackoverflow.com/questions/2466401/how-to-generate-ssh-key-pairs-with-python) — rasjani, Jul 25 '23 at 09:31
No, because generating a private/public key pair is not the same as generating and signing a certificate. The above ssh-kegen command creates a certificate that can be used to log in over SSH. — Jarosław Wieczorek, Jul 25 '23 at 13:07

score 1 · Accepted Answer · answered Jul 28 '23 at 06:34

1

The sshkey-tools library solves my problem

answered Jul 28 '23 at 06:34

1 Answers1