infra
/
kubernetes
1
0
Fork 0
Code Pull Requests 4 Activity
657 Commits
9 Branches
0 Tags
3.5 MiB
Commit Graph

4 Commits (cd090a597219370e38a48e3fc09386fb0b03c09d)

Author SHA1 Message Date
Dustin b75d83cd32 sshca: Do not sign certs for root 
We no longer need *root* in the list of authorized principals for user
certificates issued by SSHCA.
 2025-03-04 19:23:49 -06:00
Dustin a395d176bc sshca: Set group principals for Server Admins 
Members of the *Server Admins* group need to be able to log in to
machines using their respective privileged accounts for e.g.
provisioning or emergencies.
 2024-02-02 21:02:40 -06:00
Dustin 2cd4a8b097 sshca: Configure user CA 
SSHCA now supports issuing user certificates.  It uses OpenID Connect to
authenticate requests, and issues certificates based on the user's ID
token.
 2024-02-01 09:02:11 -06:00
Dustin fe2a84a222 sshca: Deploy SSH CA service 
[sshca] is a simple web service I wrote to automatically create signed
SSH certificates for hosts' public keys.  It authenticates hosts by
their machine UUID, which it can find using the libvirt API.

[sshca]: https://git.pyrocufflink.net/dustin/sshca
 2023-11-10 14:22:31 -06:00