From 9e8695106ce20eee7a1f3e2f26f89e670e8c5f4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mattias=20Walstr=C3=B6m?= Date: Tue, 10 Dec 2024 10:55:15 +0100 Subject: [PATCH] Document SSH configuration --- doc/management.md | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 doc/management.md diff --git a/doc/management.md b/doc/management.md new file mode 100644 index 000000000..7fb169578 --- /dev/null +++ b/doc/management.md @@ -0,0 +1,24 @@ +# SSH Management + +The default SSH hostkey is generated on first boot and is used in both +SSH and NETCONF (SSH transport). Custom keys can be added to the +configuration in `ietf-keystore`. The ony suuported hostkey type is +RSA for now, so the private must be `ietf-crypto-types:rsa-private-key-format` and the public key +`ietf-crypto-types:ssh-public-key-format` + +## Use your own SSH hostkeys + +Hostkeys can be generated with OpenSSL: +```bash +openssl genpkey -quiet -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform PEM > mykey +openssl rsa -RSAPublicKey_out < mykey > mykey.pyb +``` +Store the keys in `ietf-keystore` _without_ the header and footer information +created by OpenSSL. + +After the key has been stored in the keystore and given the name +_mykey_ it can be added to SSH configuration: + + admin@example:/> configure + admin@example:/config/> edit ssh + admin@example:/config/ssh/> set hostkey mykey
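Review bot: the OpenSSL example under "Use your own SSH hostkeys" writes the public key to `mykey.pyb`, which looks like a typo for `mykey.pub`; readers will copy the file name as written, so it should be corrected before merge. The intro paragraph also needs a proofread: "The ony suuported hostkey type" should read "The only supported hostkey type", "the private must be" is missing the word "key", and the sentence ending in `ietf-crypto-types:ssh-public-key-format` has no closing period and sits on an over-long line that should be wrapped like the rest of the file. On content, the text requires the public key to be `ietf-crypto-types:ssh-public-key-format` while the example produces it with `openssl rsa -RSAPublicKey_out`; please state explicitly that this output, with the header and footer removed, is what the keystore expects, and consider showing the matching `ietf-keystore` configuration, since the CLI snippet only covers `set hostkey mykey` and assumes the key is already stored. A blank line after the closing code fence, before "Store the keys", would also keep Markdown renderers from gluing the paragraph to the block.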