LILiK
/
ca_manager
5
0
Fork 0
Code Issues 0 Pull Requests 2 Releases 0 Wiki Activity
Easy CA management
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
227 Commits
7 Branches
218 KiB
Branch: master
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
ca_manager/SPEC.md

77 lines
1.8 KiB
Raw Permalink Normal View History

move speficics from README to SPEC file
7 years ago
fix documentation
7 years ago
move speficics from README to SPEC file
7 years ago
 
  1. CA manager
  2. ==========
  3. 

  4. This tools collection is our take on managing a CA, signing SSH keys and certificates, signin SSL certificates.
  5. 

  6. ### Tools

  7. 

  8. #### `request_server.py`

  9. 

  10. This is a shell for a user, the shell only reads the input from the user and return a JSON. We like to use this user with Ansible to request and retrive ssh host certificates.
  11. 

  12. The server logs can be found at `/home/request/request_server.log`
  13. 

  14. ##### sign_request

  15. 

  16. The input must be a JSON file, e.g
  17. 

  18. ```JSON
  19. {
  20. 	"request": {
  21. 		"keyType": "ssh_host",
  22. 		"hostName": "my_new_server",
  23. 		"keyData": "ssh-ed25519 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa root@my_new_server"
  24. 	},
  25. 	"type": "sign_request"
  26. }
  27. ```
  28. 

  29. the example is a `sign_request` for a ssh host certificate.
  30. 

  31. ```JSON
  32. {
  33. 	"request": {
  34. 		"keyType": "ssh_user",
  35. 		"userName": "my_username",
  36. 		"keyData": "ssh-ed25519 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa my_username@my_hostname",
  37. 		"rootRequested": true
  38. 	},
  39. 	"type": "sign_request"
  40. }
  41. ```
  42. 

  43. This example is `sign_request` for a ssh user certificate with root access.
  44. 

  45. The shell just output a json with `status`, `reason`, `failed` and `msg` keys.
  46. 

  47. ```JSON
  48. {
  49. 	"failed" : ...,
  50. 	"msg" : ...,
  51. 	"reason" : ...,
  52. 	"status" : ...
  53. }
  54. ```
  55. 

  56. The keys `failed` and `msg` are only requested to comply with ansible.
  57. 

  58. #### `manager.py`

  59. 

  60. This is a shell for a user, the shell limits the commands to the one we are interested, like generating a SSH/SSL CA, signing keys.
  61. 

  62. ```
  63. # LILiK CA Manager

  64. 

  65. Welcome to the certification authority shell.
  66. Type help or ? to list commands.
  67. 	    
  68. (CA Manager)> ?
  69. 

  70. Documented commands (type help <topic>):
  71. ========================================
  72. describe_cas  gen_ca  help  ls_ca  ls_requests  quit  sign_request
  73. ```
  74. 

  75. ### Configuration

  76. 

  77. The only configuration needed is the path where to operate, modifying te file `paths.py` is all is needed.