forked from TrueCloudLab/certificates
Add support for federated keys.
This commit is contained in:
parent
a713277453
commit
08850d5334
3 changed files with 18 additions and 4 deletions
|
@ -195,9 +195,15 @@ func (a *Authority) init() error {
|
||||||
if a.config.SSH != nil {
|
if a.config.SSH != nil {
|
||||||
if a.sshCAHostCertSignKey != nil {
|
if a.sshCAHostCertSignKey != nil {
|
||||||
vars.SSH.HostKey = a.sshCAHostCertSignKey.PublicKey()
|
vars.SSH.HostKey = a.sshCAHostCertSignKey.PublicKey()
|
||||||
|
for _, k := range a.sshCAHostFederatedCerts[1:] {
|
||||||
|
vars.SSH.HostFederatedKeys = append(vars.SSH.HostFederatedKeys, k)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if a.sshCAUserCertSignKey != nil {
|
if a.sshCAUserCertSignKey != nil {
|
||||||
vars.SSH.UserKey = a.sshCAUserCertSignKey.PublicKey()
|
vars.SSH.UserKey = a.sshCAUserCertSignKey.PublicKey()
|
||||||
|
for _, k := range a.sshCAUserFederatedCerts[1:] {
|
||||||
|
vars.SSH.UserFederatedKeys = append(vars.SSH.UserFederatedKeys, k)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
t.Data["Step"] = vars
|
t.Data["Step"] = vars
|
||||||
|
|
|
@ -38,7 +38,10 @@ var sshTemplateData = map[string]string{
|
||||||
UserKnownHostsFile {{.User.StepPath}}/config/ssh/known_hosts`,
|
UserKnownHostsFile {{.User.StepPath}}/config/ssh/known_hosts`,
|
||||||
|
|
||||||
// known_hosts.tpl authorizes the ssh hosts key
|
// known_hosts.tpl authorizes the ssh hosts key
|
||||||
"known_hosts.tpl": "@cert-authority * {{.Step.SSH.HostKey.Type}} {{.Step.SSH.HostKey.Marshal | toString | b64enc}}",
|
"known_hosts.tpl": `@cert-authority * {{.Step.SSH.HostKey.Type}} {{.Step.SSH.HostKey.Marshal | toString | b64enc}}
|
||||||
|
{{- range .Step.SSH.HostFederatedKeys}}
|
||||||
|
@cert-authority * {{.Type}} {{.Marshal | toString | b64enc}}
|
||||||
|
{{- end}}`,
|
||||||
|
|
||||||
// sshd_config.tpl adds the configuration to support certificates
|
// sshd_config.tpl adds the configuration to support certificates
|
||||||
"sshd_config.tpl": `TrustedUserCAKeys /etc/ssh/ca.pub
|
"sshd_config.tpl": `TrustedUserCAKeys /etc/ssh/ca.pub
|
||||||
|
@ -46,7 +49,10 @@ HostCertificate /etc/ssh/{{.User.Certificate}}
|
||||||
HostKey /etc/ssh/{{.User.Key}}`,
|
HostKey /etc/ssh/{{.User.Key}}`,
|
||||||
|
|
||||||
// ca.tpl contains the public key used to authorized clients
|
// ca.tpl contains the public key used to authorized clients
|
||||||
"ca.tpl": "{{.Step.SSH.UserKey.Type}} {{.Step.SSH.UserKey.Marshal | toString | b64enc}}",
|
"ca.tpl": `{{.Step.SSH.UserKey.Type}} {{.Step.SSH.UserKey.Marshal | toString | b64enc}}
|
||||||
|
{{- range .Step.SSH.UserFederatedKeys}}
|
||||||
|
{{.Type}} {{.Marshal | toString | b64enc}}
|
||||||
|
{{- end}}`,
|
||||||
}
|
}
|
||||||
|
|
||||||
// getTemplates returns all the templates enabled
|
// getTemplates returns all the templates enabled
|
||||||
|
|
|
@ -12,4 +12,6 @@ type Step struct {
|
||||||
type StepSSH struct {
|
type StepSSH struct {
|
||||||
HostKey ssh.PublicKey
|
HostKey ssh.PublicKey
|
||||||
UserKey ssh.PublicKey
|
UserKey ssh.PublicKey
|
||||||
|
HostFederatedKeys []ssh.PublicKey
|
||||||
|
UserFederatedKeys []ssh.PublicKey
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue