An SSH certificate is useless on its own, as without the private key, clients cannot sign servers' authentication requests. Since `sshca-cli user login` creates a new key pair each time it is run, the private key needs to be kept at least as long as the certificate is valid. To that end, the command will now add both to the user's SSH agent. It communicates with the agent via the UNIX stream socket specified by the `SSH_AUTH_SOCK` environment variable.

Although there is a Rust crate, [ssh-agent-client-rs][0], that implements the client side of the SSH agent protocol, it does not support adding certificates to the agent. In fact, that functionality is not even documented in the IETF draft specification for the protocol. Thus, I had to figure it out by reading the code of the OpenSSH `ssh-add` tool, and observing the messages passed between it and `ssh-agent`.

[0]: https://crates.io/crates/ssh-agent-client-rs

| Name |
|---|
| ci |
| src |
| .editorconfig |
| .gitattributes |
| .gitignore |
| Cargo.lock |
| Cargo.toml |
| LICENSE-Apache-2.0.txt |
| LICENSE-MIT.txt |
| Makefile |
| rustfmt.toml |
| ssh-host-cert-sign@.service |
| ssh-host-certs-renew.target |
| ssh-host-certs-renew.timer |
| ssh-host-certs.target |
| sshca-cli.spec |
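
The agent request described in the commit message above, as an added example that is not sshca-cli's own code: it frames an "add identity" message carrying a key together with its certificate, in the layout OpenSSH uses when serializing a certificate key. It assumes an Ed25519 key (the page does not state the key type), all function names are hypothetical, and the optional lifetime constraint goes beyond what the commit message describes.

```rust
// Added example: frame an SSH agent "add identity" request for an Ed25519
// key plus its certificate. Function names are hypothetical.
const SSH_AGENTC_ADD_IDENTITY: u8 = 17;
const SSH_AGENTC_ADD_ID_CONSTRAINED: u8 = 25;
const SSH_AGENT_CONSTRAIN_LIFETIME: u8 = 1;
const CERT_TYPE: &[u8] = b"ssh-ed25519-cert-v01@openssh.com";

/// Append an SSH `string`: uint32 big-endian length, then the bytes.
fn put_string(buf: &mut Vec<u8>, data: &[u8]) {
    buf.extend_from_slice(&(data.len() as u32).to_be_bytes());
    buf.extend_from_slice(data);
}

/// Build the framed request. `cert_blob` is the base64-decoded body of the
/// certificate line; `lifetime` (seconds) asks the agent to expire the key.
fn add_cert_identity(
    cert_blob: &[u8],
    public: &[u8; 32],
    seed: &[u8; 32],
    comment: &str,
    lifetime: Option<u32>,
) -> Vec<u8> {
    let mut body = Vec::new();
    body.push(match lifetime {
        Some(_) => SSH_AGENTC_ADD_ID_CONSTRAINED,
        None => SSH_AGENTC_ADD_IDENTITY,
    });
    put_string(&mut body, CERT_TYPE); // certificate key type, not "ssh-ed25519"
    put_string(&mut body, cert_blob); // whole certificate precedes the key fields
    put_string(&mut body, public);
    // OpenSSH's Ed25519 private key is the 32-byte seed followed by the public key.
    put_string(&mut body, &[&seed[..], &public[..]].concat());
    put_string(&mut body, comment.as_bytes());
    if let Some(secs) = lifetime {
        body.push(SSH_AGENT_CONSTRAIN_LIFETIME);
        body.extend_from_slice(&secs.to_be_bytes());
    }
    // Every agent message is prefixed with its own uint32 length.
    let mut msg = (body.len() as u32).to_be_bytes().to_vec();
    msg.extend_from_slice(&body);
    msg
}

fn main() {
    // Constructed placeholder bytes, not a real certificate or key.
    let msg = add_cert_identity(&[0xAA; 8], &[1; 32], &[2; 32], "demo", Some(3600));
    println!("{} bytes, message type {}", msg.len(), msg[4]);
}
```

Setting the lifetime to the certificate's remaining validity keeps the private key from lingering in the agent after the certificate can no longer be used.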