Servers running recent enough OpenSSH versions can have their SSH host keys signed. This does not use X.509 and is for convenience only; if the cert-authority is not trusted, SSH will fall back to usual verification methods. The cert-authority keys are included below.
Also see individual hosts and the X.509 certificate authority.
Cluenet CAs have been removed, as the project is closed.
Entry for known_hosts:
@cert-authority *.nullroute.lt ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBAjiC5bIBSWDhU9FogwbJE6CnyOJ/QXvzitk+XxAiBTpA24tJedib7o8y+fZD3hur056ae5KSZqEDMLD8if99XrB+j1cwGa2l9O3Xwq03S19lxGmgTbeHRVf20s4UtgLSw== Nullroute host CA r0 (2012-04-09) @cert-authority *.nullroute.lt ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINi9073+XIwMND7qY5fFcz3tu2Oqp5ehgFAV0APFiyRq Nullroute host CA r1 (2018-03-23)
Available as known_hosts.txt.
Entry for authorized_keys:
cert-authority ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDfiMJ2Z3bxwlugnGRCn4VIof+UqS0eIOsguHiDyFSJneCJ5VNYe8maEZJIOH8c3VRusAbmwOsCuvFEuhzAObX2FUir9sfCA4V1wdp1iOLQw0jChhAxKokejM5hvbkPt+g== Nullroute user CA r0 (2012-04-09) cert-authority ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFjI+JWugdI4Q0j7L9rGQb9A2RqDwJRJ5m7Tqhsa1ryB Nullroute user CA r1 (2018-03-23)