mirror of
https://github.com/smallstep/certificates.git
synced 2024-11-11 07:11:00 +00:00
Add support for federated keys.
parent
f0b346a528
commit
38d735be6e
@ -195,9 +195,15 @@ func (a *Authority) init() error {
|
|||||||
if a.config.SSH != nil {
|
if a.config.SSH != nil {
|
||||||
if a.sshCAHostCertSignKey != nil {
|
if a.sshCAHostCertSignKey != nil {
|
||||||
vars.SSH.HostKey = a.sshCAHostCertSignKey.PublicKey()
|
vars.SSH.HostKey = a.sshCAHostCertSignKey.PublicKey()
|
||||||
|
for _, k := range a.sshCAHostFederatedCerts[1:] {
|
||||||
|
vars.SSH.HostFederatedKeys = append(vars.SSH.HostFederatedKeys, k)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if a.sshCAUserCertSignKey != nil {
|
if a.sshCAUserCertSignKey != nil {
|
||||||
vars.SSH.UserKey = a.sshCAUserCertSignKey.PublicKey()
|
vars.SSH.UserKey = a.sshCAUserCertSignKey.PublicKey()
|
||||||
|
for _, k := range a.sshCAUserFederatedCerts[1:] {
|
||||||
|
vars.SSH.UserFederatedKeys = append(vars.SSH.UserFederatedKeys, k)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
t.Data["Step"] = vars
|
t.Data["Step"] = vars
|
||||||
|
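Review bot: Both new loops slice with `[1:]` (`a.sshCAHostFederatedCerts[1:]` and `a.sshCAUserFederatedCerts[1:]`), which panics if either slice is empty, and nothing visible in this hunk establishes that the slice holds at least one element whenever the sign key is non-nil. The skip also appears to assume that element 0 is this CA's own key; if that ordering ever changes, a federated key would be left out of the rendered trust files or the CA's own key emitted twice. I would guard the length and state the invariant, e.g. `if len(a.sshCAHostFederatedCerts) > 1 { vars.SSH.HostFederatedKeys = append(vars.SSH.HostFederatedKeys, a.sshCAHostFederatedCerts[1:]...) }` preceded by `// index 0 is this CA's own host key; the rest are federated CA keys`, and the same on the user side. init() starts and continues outside the hunk.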
@ -38,7 +38,10 @@ var sshTemplateData = map[string]string{
|
|||||||
UserKnownHostsFile {{.User.StepPath}}/config/ssh/known_hosts`,
|
UserKnownHostsFile {{.User.StepPath}}/config/ssh/known_hosts`,
|
||||||
|
|
||||||
// known_hosts.tpl authorizes the ssh hosts key
|
// known_hosts.tpl authorizes the ssh hosts key
|
||||||
"known_hosts.tpl": "@cert-authority * {{.Step.SSH.HostKey.Type}} {{.Step.SSH.HostKey.Marshal | toString | b64enc}}",
|
"known_hosts.tpl": `@cert-authority * {{.Step.SSH.HostKey.Type}} {{.Step.SSH.HostKey.Marshal | toString | b64enc}}
|
||||||
|
{{- range .Step.SSH.HostFederatedKeys}}
|
||||||
|
@cert-authority * {{.Type}} {{.Marshal | toString | b64enc}}
|
||||||
|
{{- end}}`,
|
||||||
|
|
||||||
// sshd_config.tpl adds the configuration to support certificates
|
// sshd_config.tpl adds the configuration to support certificates
|
||||||
"sshd_config.tpl": `TrustedUserCAKeys /etc/ssh/ca.pub
|
"sshd_config.tpl": `TrustedUserCAKeys /etc/ssh/ca.pub
|
||||||
@ -46,7 +49,10 @@ HostCertificate /etc/ssh/{{.User.Certificate}}
|
|||||||
HostKey /etc/ssh/{{.User.Key}}`,
|
HostKey /etc/ssh/{{.User.Key}}`,
|
||||||
|
|
||||||
// ca.tpl contains the public key used to authorized clients
|
// ca.tpl contains the public key used to authorized clients
|
||||||
"ca.tpl": "{{.Step.SSH.UserKey.Type}} {{.Step.SSH.UserKey.Marshal | toString | b64enc}}",
|
"ca.tpl": `{{.Step.SSH.UserKey.Type}} {{.Step.SSH.UserKey.Marshal | toString | b64enc}}
|
||||||
|
{{- range .Step.SSH.UserFederatedKeys}}
|
||||||
|
{{.Type}} {{.Marshal | toString | b64enc}}
|
||||||
|
{{- end}}`,
|
||||||
}
|
}
|
||||||
|
|
||||||
// getTemplates returns all the templates enabled
|
// getTemplates returns all the templates enabled
|
||||||
|
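Review bot: The comments above `known_hosts.tpl` and `ca.tpl` no longer describe what the templates emit. Each entry in `HostFederatedKeys` is rendered as its own `@cert-authority *` line, so every federated host CA is trusted for all host names, and each entry in `UserFederatedKeys` is written to what is presumably the file `sshd_config.tpl` names in `TrustedUserCAKeys`, so every federated user CA can issue certificates that sshd accepts. That widening of trust should be stated where the templates are defined, e.g. `// known_hosts.tpl trusts the host CA key and every federated host CA key for all hosts (*)` and `// ca.tpl lists the user CA key and every federated user CA key accepted by sshd`. The existing `ca.tpl` comment also has a typo ("used to authorized clients"). The sshTemplateData literal starts and ends outside these hunks.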
@ -10,6 +10,8 @@ type Step struct {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type StepSSH struct {
|
type StepSSH struct {
|
||||||
HostKey ssh.PublicKey
|
HostKey ssh.PublicKey
|
||||||
UserKey ssh.PublicKey
|
UserKey ssh.PublicKey
|
||||||
|
HostFederatedKeys []ssh.PublicKey
|
||||||
|
UserFederatedKeys []ssh.PublicKey
|
||||||
}
|
}
|
||||||
|
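Review bot: The two new fields on `StepSSH` carry no comments, and the names alone do not say that templates turn every entry into a trust anchor. A one-line comment on each would help readers who edit the templates, e.g. `// HostFederatedKeys are additional host CA keys rendered as extra @cert-authority entries` and `// UserFederatedKeys are additional user CA keys rendered as extra trusted user CA entries`. If these slices are meant to exclude the CA's own key, as the `[1:]` in the authority hunk suggests, the comments should say so.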