ansible-role-ssh-ca/templates/ssh_ca.sh.j2

#!/bin/bash
set -euo pipefail
IFS=$'\n\t'

host() {
	CAKEY="$2"
	PUBKEY="$3"
	HOST="$4"

	echo "$PUBKEY" > {{ ssh_ca_dir }}/"$HOST".pub
	ssh-keygen -h -s {{ ssh_ca_dir }}/keys/"$CAKEY" -I "$HOST" -n "$HOST" {{ ssh_ca_dir }}/"$HOST".pub
	cat {{ ssh_ca_dir }}/"$HOST"-cert.pub
	rm {{ ssh_ca_dir }}/"$HOST"*.pub
}

user() {
	CAKEY="$2"
	PUBKEY="$3"
	HOST="$4"
	PRINCIPALS="$5"

	echo "$PUBKEY" > {{ ssh_ca_dir }}/"$HOST".pub
	ssh-keygen -s {{ ssh_ca_dir }}/keys/"$CAKEY" -I "$HOST" -n "$HOST","$PRINCIPALS" {{ ssh_ca_dir }}/"$HOST".pub
	cat {{ ssh_ca_dir }}/"$HOST"-cert.pub
	rm {{ ssh_ca_dir }}/"$HOST"*.pub
}

"$1" "$@"
init 2023-04-23 21:34:36 +00:00			`#!/bin/bash`
			`set -euo pipefail`
			`IFS=$'\n\t'`

			`host() {`
support for arbitrary number of CA key pair 2023-04-25 15:45:23 +00:00			`CAKEY="$2"`
			`PUBKEY="$3"`
			`HOST="$4"`
init 2023-04-23 21:34:36 +00:00
			`echo "$PUBKEY" > {{ ssh_ca_dir }}/"$HOST".pub`
support for arbitrary number of CA key pair 2023-04-25 15:45:23 +00:00			`ssh-keygen -h -s {{ ssh_ca_dir }}/keys/"$CAKEY" -I "$HOST" -n "$HOST" {{ ssh_ca_dir }}/"$HOST".pub`
init 2023-04-23 21:34:36 +00:00			`cat {{ ssh_ca_dir }}/"$HOST"-cert.pub`
			`rm {{ ssh_ca_dir }}/"$HOST"*.pub`
			`}`

			`user() {`
support for arbitrary number of CA key pair 2023-04-25 15:45:23 +00:00			`CAKEY="$2"`
			`PUBKEY="$3"`
			`HOST="$4"`
			`PRINCIPALS="$5"`
init 2023-04-23 21:34:36 +00:00
			`echo "$PUBKEY" > {{ ssh_ca_dir }}/"$HOST".pub`
support for arbitrary number of CA key pair 2023-04-25 15:45:23 +00:00			`ssh-keygen -s {{ ssh_ca_dir }}/keys/"$CAKEY" -I "$HOST" -n "$HOST","$PRINCIPALS" {{ ssh_ca_dir }}/"$HOST".pub`
init 2023-04-23 21:34:36 +00:00			`cat {{ ssh_ca_dir }}/"$HOST"-cert.pub`
			`rm {{ ssh_ca_dir }}/"$HOST"*.pub`
			`}`

			`"$1" "$@"`