25 lines
870 B
Markdown
25 lines
870 B
Markdown
# ansible-role-ssh-ca
|
|
|
|
Ansible role to deploy a basic SSH certificate authority.
|
|
|
|
It is implemented as a simple wrapper above ssh-keygen, which is deployed on a server.
|
|
It supports issuing host certificates as well as user certificates.
|
|
|
|
## Limitations
|
|
|
|
I currently only use this in my home lab, and it should not be used in more critical environments.
|
|
Notable, it has the following limitations:
|
|
|
|
- No expiration date and no mechanism to issue new certificates
|
|
- No mechanism to revoke certificates
|
|
- No mechanism to roll over CA key pair
|
|
|
|
## Usage
|
|
|
|
The following variables must be set before calling the role:
|
|
|
|
- `ssh_ca_dir`: Working directory for the certificate authority
|
|
- `ssh_ca_key_pairs`: List of CA key pairs
|
|
- `name`: File name of the CA key pair
|
|
- `public_key`: Public key contents on the key pair
|
|
- `private_key`: Private key contents on the key pair
|