sshca: Deploy SSH CA service
[sshca] is a simple web service I wrote to automatically create signed SSH certificates for hosts' public keys. It authenticates hosts by their machine UUID, which it can find using the libvirt API. [sshca]: https://git.pyrocufflink.net/dustin/sshca
This commit is contained in:
11
sshca/config.toml
Normal file
11
sshca/config.toml
Normal file
@@ -0,0 +1,11 @@
|
||||
machine_ids = "/var/lib/sshca/machine-ids.json"
|
||||
|
||||
[ca.host]
|
||||
private_key_file = "/run/sshca/secrets/host/key/host-ca-key"
|
||||
private_key_passphrase_file = "/run/sshca/secrets/host/passphrase/host-ca-key.passphrase"
|
||||
|
||||
[[libvirt]]
|
||||
uri = "qemu+ssh://sshca@vmhost0.pyrocufflink.blue/system?keyfile=/run/sshca/libvirt/sshkey"
|
||||
|
||||
[[libvirt]]
|
||||
uri = "qemu+ssh://sshca@vmhost1.pyrocufflink.blue/system?keyfile=/run/sshca/libvirt/sshkey"
|
||||
Reference in New Issue
Block a user