This repository has been archived on 2024-02-18. You can view files and clone it, but cannot push or open issues or pull requests.
meta init 2023-04-23 23:34:36 +02:00
tasks support for arbitrary number of CA key pair 2023-04-25 17:45:23 +02:00
templates support for arbitrary number of CA key pair 2023-04-25 17:45:23 +02:00
LICENSE init 2023-04-23 23:34:36 +02:00
README.md support for arbitrary number of CA key pair 2023-04-25 17:45:23 +02:00

ansible-role-ssh-ca

Ansible role to deploy a basic SSH certificate authority.

It is implemented as a simple wrapper around ssh-keygen, which is deployed on a server. It supports issuing host certificates as well as user certificates.

Limitations

I currently only use this in my home lab, and it should not be used in more critical environments. Notably, it has the following limitations:

  • No expiration date and no mechanism to issue new certificates
  • No mechanism to revoke certificates
  • No mechanism to roll over CA key pair
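
What the first limitation means in practice, as an added example that is not the role's own code: a host certificate signed with ssh-keygen without -V is valid forever, while -V bounds its lifetime. The key names, certificate identity and principal are constructed, and the role's actual ssh-keygen invocation may differ.

```shell
#!/bin/sh
# Added illustration: plain ssh-keygen calls, not the role's own tasks.
# All file names, identities and principals below are constructed.

# Create a throwaway CA key pair and a host key pair in directory $1.
make_keys() {
    ssh-keygen -q -t ed25519 -N '' -C 'demo-ca' -f "$1/ca"
    ssh-keygen -q -t ed25519 -N '' -C 'demo-host' -f "$1/host"
}

# Sign $1/host.pub as a host certificate (-h) with the CA key in $1/ca.
# Extra arguments, such as -V, are passed through to ssh-keygen.
# The result is written to $1/host-cert.pub, replacing any earlier one.
sign_host() {
    dir=$1; shift
    ssh-keygen -q -s "$dir/ca" -I demo-host -h -n host.example.test \
        "$@" "$dir/host.pub"
}

# Print the validity interval recorded in the certificate in $1.
cert_validity() {
    ssh-keygen -L -f "$1/host-cert.pub" | sed -n 's/^ *Valid: *//p'
}

demo() {
    work=$(mktemp -d) || return 1
    make_keys "$work"

    # No -V: the certificate carries no expiration date.
    sign_host "$work"
    echo "without -V:   $(cert_validity "$work")"

    # -V +52w: the same key, signed with a lifetime of 52 weeks from now.
    sign_host "$work" -V +52w
    echo "with -V +52w: $(cert_validity "$work")"

    rm -rf "$work"
}

demo
```

Running `ssh-keygen -L -f` on a certificate already deployed to a host shows in the same way whether it ever expires.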

Usage

The following variables must be set before calling the role:

  • ssh_ca_dir: Working directory for the certificate authority
  • ssh_ca_key_pair: List of CA key pairs
    • name: File name of the CA key pair
    • public_key: Public key contents of the key pair
    • private_key: Private key contents of the key pair