From 781d5fb6e8a0754c3b93ff7be27e21d64724a820 Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano.cano@gmail.com>
Date: Fri, 8 Oct 2021 14:25:24 -0700
Subject: [PATCH] Fix creation of ssh certificates on step ca init.

---
 pki/pki.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/pki/pki.go b/pki/pki.go
index 41a644e1..b4ac26da 100644
--- a/pki/pki.go
+++ b/pki/pki.go
@@ -341,7 +341,7 @@ func New(o apiv1.Options, opts ...Option) (*PKI, error) {
 	}
 
 	// Use default key manager
-	if p.keyManager != nil {
+	if p.keyManager == nil {
 		p.keyManager = kms.Default
 	}
 
@@ -634,7 +634,7 @@ func (p *PKI) GenerateSSHSigningKeys(password []byte) error {
 
 	// Create SSH key used to sign host certificates. Using
 	// kmsapi.UnspecifiedSignAlgorithm will default to the default algorithm.
-	name := p.Ssh.HostPublicKey
+	name := p.Ssh.HostKey
 	if uri := p.options.hostKeyURI; uri != "" {
 		name = uri
 	}
@@ -649,7 +649,7 @@ func (p *PKI) GenerateSSHSigningKeys(password []byte) error {
 	if err != nil {
 		return errors.Wrapf(err, "error converting public key")
 	}
-	p.Files[resp.Name] = ssh.MarshalAuthorizedKey(sshKey)
+	p.Files[p.Ssh.HostPublicKey] = ssh.MarshalAuthorizedKey(sshKey)
 
 	// On softkms we will have the private key
 	if resp.PrivateKey != nil {
@@ -657,11 +657,13 @@ func (p *PKI) GenerateSSHSigningKeys(password []byte) error {
 		if err != nil {
 			return err
 		}
+	} else {
+		p.Ssh.HostKey = resp.Name
 	}
 
 	// Create SSH key used to sign user certificates. Using
 	// kmsapi.UnspecifiedSignAlgorithm will default to the default algorithm.
-	name = p.Ssh.UserPublicKey
+	name = p.Ssh.UserKey
 	if uri := p.options.userKeyURI; uri != "" {
 		name = uri
 	}
@@ -676,7 +678,7 @@ func (p *PKI) GenerateSSHSigningKeys(password []byte) error {
 	if err != nil {
 		return errors.Wrapf(err, "error converting public key")
 	}
-	p.Files[resp.Name] = ssh.MarshalAuthorizedKey(sshKey)
+	p.Files[p.Ssh.UserPublicKey] = ssh.MarshalAuthorizedKey(sshKey)
 
 	// On softkms we will have the private key
 	if resp.PrivateKey != nil {
@@ -684,6 +686,8 @@ func (p *PKI) GenerateSSHSigningKeys(password []byte) error {
 		if err != nil {
 			return err
 		}
+	} else {
+		p.Ssh.UserKey = resp.Name
 	}
 
 	return nil