support for arbitrary number of CA key pair

Pim Kunis 2023-04-25 17:45:23 +02:00
parent 383001d563
commit 836d926e43
3 changed files with 21 additions and 29 deletions


@ -3,22 +3,24 @@ set -euo pipefail
IFS=$'\n\t'
host() {
PUBKEY="$2"
HOST="$3"
CAKEY="$2"
PUBKEY="$3"
HOST="$4"
echo "$PUBKEY" > {{ ssh_ca_dir }}/"$HOST".pub
ssh-keygen -h -s {{ ssh_ca_dir }}/keys/host_ca -I "$HOST" -n "$HOST" {{ ssh_ca_dir }}/"$HOST".pub
ssh-keygen -h -s {{ ssh_ca_dir }}/keys/"$CAKEY" -I "$HOST" -n "$HOST" {{ ssh_ca_dir }}/"$HOST".pub
cat {{ ssh_ca_dir }}/"$HOST"-cert.pub
rm {{ ssh_ca_dir }}/"$HOST"*.pub
}
user() {
PUBKEY="$2"
HOST="$3"
PRINCIPALS="$4"
CAKEY="$2"
PUBKEY="$3"
HOST="$4"
PRINCIPALS="$5"
echo "$PUBKEY" > {{ ssh_ca_dir }}/"$HOST".pub
ssh-keygen -s {{ ssh_ca_dir }}/keys/user_ca -I "$HOST" -n "$HOST","$PRINCIPALS" {{ ssh_ca_dir }}/"$HOST".pub
ssh-keygen -s {{ ssh_ca_dir }}/keys/"$CAKEY" -I "$HOST" -n "$HOST","$PRINCIPALS" {{ ssh_ca_dir }}/"$HOST".pub
cat {{ ssh_ca_dir }}/"$HOST"-cert.pub
rm {{ ssh_ca_dir }}/"$HOST"*.pub
}
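Review bot: `CAKEY` is taken from `$2` and joined unchecked into the signing-key path `{{ ssh_ca_dir }}/keys/"$CAKEY"` in both host() and user(), so a value containing `/` or `..` can select a file outside `keys/`, and nothing ties a CA to the certificate type (user() will sign with a host CA key if given its name). Where the arguments come from is not visible in this hunk, but if the requesting side can influence them, each function should reject unexpected names before calling ssh-keygen, for example `[[ "$CAKEY" =~ ^[A-Za-z0-9_-]+$ && -f {{ ssh_ca_dir }}/keys/"$CAKEY" ]] || { echo "unknown CA key: $CAKEY" >&2; exit 1; }`, or preferably check against a per-function allow-list of CA names. `HOST` is interpolated the same way into the `.pub` paths and the `rm` glob, and would benefit from the same kind of check.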