Add support for federated keys.

This commit is contained in:
Mariano Cano 2019-10-11 19:26:59 -07:00 committed by max furman
parent f0b346a528
commit 38d735be6e
3 changed files with 18 additions and 4 deletions

View File

@ -195,9 +195,15 @@ func (a *Authority) init() error {
if a.config.SSH != nil { if a.config.SSH != nil {
if a.sshCAHostCertSignKey != nil { if a.sshCAHostCertSignKey != nil {
vars.SSH.HostKey = a.sshCAHostCertSignKey.PublicKey() vars.SSH.HostKey = a.sshCAHostCertSignKey.PublicKey()
for _, k := range a.sshCAHostFederatedCerts[1:] {
vars.SSH.HostFederatedKeys = append(vars.SSH.HostFederatedKeys, k)
}
} }
if a.sshCAUserCertSignKey != nil { if a.sshCAUserCertSignKey != nil {
vars.SSH.UserKey = a.sshCAUserCertSignKey.PublicKey() vars.SSH.UserKey = a.sshCAUserCertSignKey.PublicKey()
for _, k := range a.sshCAUserFederatedCerts[1:] {
vars.SSH.UserFederatedKeys = append(vars.SSH.UserFederatedKeys, k)
}
} }
} }
t.Data["Step"] = vars t.Data["Step"] = vars

View File

@ -38,7 +38,10 @@ var sshTemplateData = map[string]string{
UserKnownHostsFile {{.User.StepPath}}/config/ssh/known_hosts`, UserKnownHostsFile {{.User.StepPath}}/config/ssh/known_hosts`,
// known_hosts.tpl authorizes the ssh hosts key // known_hosts.tpl authorizes the ssh hosts key
"known_hosts.tpl": "@cert-authority * {{.Step.SSH.HostKey.Type}} {{.Step.SSH.HostKey.Marshal | toString | b64enc}}", "known_hosts.tpl": `@cert-authority * {{.Step.SSH.HostKey.Type}} {{.Step.SSH.HostKey.Marshal | toString | b64enc}}
{{- range .Step.SSH.HostFederatedKeys}}
@cert-authority * {{.Type}} {{.Marshal | toString | b64enc}}
{{- end}}`,
// sshd_config.tpl adds the configuration to support certificates // sshd_config.tpl adds the configuration to support certificates
"sshd_config.tpl": `TrustedUserCAKeys /etc/ssh/ca.pub "sshd_config.tpl": `TrustedUserCAKeys /etc/ssh/ca.pub
@ -46,7 +49,10 @@ HostCertificate /etc/ssh/{{.User.Certificate}}
HostKey /etc/ssh/{{.User.Key}}`, HostKey /etc/ssh/{{.User.Key}}`,
// ca.tpl contains the public key used to authorized clients // ca.tpl contains the public key used to authorized clients
"ca.tpl": "{{.Step.SSH.UserKey.Type}} {{.Step.SSH.UserKey.Marshal | toString | b64enc}}", "ca.tpl": `{{.Step.SSH.UserKey.Type}} {{.Step.SSH.UserKey.Marshal | toString | b64enc}}
{{- range .Step.SSH.UserFederatedKeys}}
{{.Type}} {{.Marshal | toString | b64enc}}
{{- end}}`,
} }
// getTemplates returns all the templates enabled // getTemplates returns all the templates enabled

View File

@ -10,6 +10,8 @@ type Step struct {
} }
type StepSSH struct { type StepSSH struct {
HostKey ssh.PublicKey HostKey ssh.PublicKey
UserKey ssh.PublicKey UserKey ssh.PublicKey
HostFederatedKeys []ssh.PublicKey
UserFederatedKeys []ssh.PublicKey
} }