pim/ansible-role-ssh-ca
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
This repository has been archived on 2024-02-18. You can view files and clone it, but cannot push or open issues or pull requests.
ansible-role-ssh-ca/README.md
Pim Kunis d2a010678c init
2023-04-23 23:34:36 +02:00

924 B
Raw Blame History

ansible-role-ssh-ca

Ansible role to deploy a basic SSH certificate authority.

It is implemented as a simple wrapper above ssh-keygen, which is deployed on a server. It supports issuing host certificates as well as user certificates.

Limitations

I currently only use this in my home lab, and it should not be used in more critical environments. Notable, it has the following limitations:

  • No expiration date and no mechanism to issue new certificates
  • No mechanism to revoke certificates
  • No mechanism to roll over CA key pair

Usage

The following variables must be set before calling the role:

  • ssh_ca_dir: Working directory for the certificate authority
  • ssh_ca_user_ca_private_key: Private key of the SSH user CA
  • ssh_ca_user_ca_public_key: Public key of the SSH user CA
  • ssh_ca_host_ca_private_key: Private key of the SSH host CA
  • ssh_ca_host_ca_public_key: Public key of the SSH host CA