pim/ansible-role-ssh-ca
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
No description
This repository has been archived on 2024-02-18. You can view files and clone it, but you cannot make any changes to its state, such as pushing and creating new issues, pull requests or comments.
5 commits 1 branch 0 tags 39 KiB
Find a file
Exact
Pim Kunis c1e2fdcede change git domain name
2023-07-05 23:55:46 +02:00
meta change git domain name 2023-07-05 23:55:46 +02:00
tasks support for arbitrary number of CA key pair 2023-04-25 17:45:23 +02:00
templates support for arbitrary number of CA key pair 2023-04-25 17:45:23 +02:00
LICENSE init 2023-04-23 23:34:36 +02:00
README.md Update 'README.md' 2023-04-25 16:55:40 +00:00

README.md

ansible-role-ssh-ca

Ansible role to deploy a basic SSH certificate authority.

It is implemented as a simple wrapper above ssh-keygen, which is deployed on a server. It supports issuing host certificates as well as user certificates.

Limitations

I currently only use this in my home lab, and it should not be used in more critical environments. Notable, it has the following limitations:

  • No expiration date and no mechanism to issue new certificates
  • No mechanism to revoke certificates
  • No mechanism to roll over CA key pair

Usage

The following variables must be set before calling the role:

  • ssh_ca_dir: Working directory for the certificate authority
  • ssh_ca_key_pairs: List of CA key pairs
    • name: File name of the CA key pair
    • public_key: Public key contents on the key pair
    • private_key: Private key contents on the key pair