# ansible-role-ssh-ca

Ansible role to deploy a basic SSH certificate authority.

It is implemented as a simple wrapper around ssh-keygen, which is deployed on a server.
It supports issuing host certificates as well as user certificates.

## Limitations

I currently only use this in my home lab, and it should not be used in more critical environments.
Notably, it has the following limitations:

- No expiration date and no mechanism to issue new certificates
- No mechanism to revoke certificates
- No mechanism to roll over CA key pair
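
As an added illustration (not code from this role), the script below uses plain `ssh-keygen` with throwaway keys to show what a user certificate without a validity interval looks like, and how `-V` and a key revocation list (KRL) address the first two limitations. The file names, key ID and principal are constructed for the example.

```shell
#!/usr/bin/env bash
# Added example, not the role's code. Keys, key ID and principal are constructed.
set -eu

# Create a throwaway user CA and a subject key pair in directory $1.
make_keys() {
  ssh-keygen -q -t ed25519 -N '' -C example-user-ca -f "$1/user_ca"
  ssh-keygen -q -t ed25519 -N '' -C alice@example -f "$1/alice"
}

# Sign $1/alice.pub into $1/alice-cert.pub. $2 is an optional -V validity
# interval such as "+1d"; leaving it empty gives a certificate that never expires.
sign_user() {
  if [ -n "${2:-}" ]; then
    ssh-keygen -q -s "$1/user_ca" -I alice-cert -n alice -V "$2" "$1/alice.pub"
  else
    ssh-keygen -q -s "$1/user_ca" -I alice-cert -n alice "$1/alice.pub"
  fi
}

# Print the validity field of the certificate ("forever" or "from ... to ...").
validity() {
  ssh-keygen -L -f "$1/alice-cert.pub" | sed -n 's/^ *Valid: *//p'
}

# Write a key revocation list that revokes the current certificate.
revoke() {
  ssh-keygen -q -k -f "$1/revoked.krl" "$1/alice-cert.pub"
}

# Exit status 0 only if the certificate is not listed in the KRL.
not_revoked() {
  ssh-keygen -Q -f "$1/revoked.krl" "$1/alice-cert.pub" >/dev/null 2>&1
}

# Walk through the whole sequence when called as: bash demo.sh demo
if [ "${1:-}" = demo ]; then
  d=$(mktemp -d)
  make_keys "$d"
  sign_user "$d" ""; echo "no -V:  $(validity "$d")"
  sign_user "$d" "+1d"; echo "-V +1d: $(validity "$d")"
  revoke "$d"
  not_revoked "$d" && echo "still accepted" || echo "revoked by KRL"
  rm -rf "$d"
fi
```

For `sshd` to honour the KRL, the file has to be referenced with the `RevokedKeys` directive in `sshd_config`.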

## Usage

The following variables must be set before calling the role:

- `ssh_ca_dir`: Working directory for the certificate authority
- `ssh_ca_user_ca_private_key`: Private key of the SSH user CA
- `ssh_ca_user_ca_public_key`: Public key of the SSH user CA
- `ssh_ca_host_ca_private_key`: Private key of the SSH host CA
- `ssh_ca_host_ca_public_key`: Public key of the SSH host CA