This tools collection is our take on managing a CA, signing SSH keys and certificates, signin SSL certificates.
This is a shell for a user, the shell only reads the input from the user and return a JSON. We like to use this user with Ansible to request and retrive ssh host certificates.
The server logs can be found at /home/request/request_server.log
The input must be a JSON file, e.g
{
"request": {
"keyType": "ssh_host",
"hostName": "my_new_server",
"keyData": "ssh-ed25519 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa root@my_new_server"
},
"type": "sign_request"
}
the example is a sign_request
for a ssh host certificate.
{
"request": {
"keyType": "ssh_user",
"userName": "my_username",
"keyData": "ssh-ed25519 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa my_username@my_hostname",
"rootRequested": true
},
"type": "sign_request"
}
This example is sign_request
for a ssh user certificate with root access.
The shell just output a json with status
, reason
, failed
and msg
keys.
{
"failed" : ...,
"msg" : ...,
"reason" : ...,
"status" : ...
}
The keys failed
and msg
are only requested to comply with ansible.
This is a shell for a user, the shell limits the commands to the one we are interested, like generating a SSH/SSL CA, signing keys.
# LILiK CA Manager
Welcome to the certification authority shell.
Type help or ? to list commands.
(CA Manager)> ?
Documented commands (type help <topic>):
========================================
describe_cas gen_ca help ls_ca ls_requests quit sign_request
The only configuration needed is the path where to operate, modifying te file paths.py
is all is needed.