|
|
- CA manager
- ==========
-
- This tools collection is our take on managing a CA, signing SSH keys and certificates, signin SSL certificates.
-
- ### Tools
-
- #### `request_server.py`
-
- This is a shell for a user, the shell only reads the input from the user and return a JSON. We like to use this user with Ansible to request and retrive ssh host certificates.
-
- The server logs can be found at `/home/request/request_server.log`
-
- ##### sign_request
-
- The input must be a JSON file, e.g
-
- ```JSON
- {
- "request": {
- "keyType": "ssh_host",
- "hostName": "my_new_server",
- "keyData": "ssh-ed25519 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa root@my_new_server"
- },
- "type": "sign_request"
- }
- ```
-
- the example is a `sign_request` for a ssh host certificate.
-
- ```JSON
- {
- "request": {
- "keyType": "ssh_user",
- "userName": "my_username",
- "keyData": "ssh-ed25519 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa my_username@my_hostname",
- "rootRequested": true
- },
- "type": "sign_request"
- }
- ```
-
- This example is `sign_request` for a ssh user certificate with root access.
-
- The shell just output a json with `status`, `reason`, `failed` and `msg` keys.
-
- ```JSON
- {
- "failed" : ...,
- "msg" : ...,
- "reason" : ...,
- "status" : ...
- }
- ```
-
- The keys `failed` and `msg` are only requested to comply with ansible.
-
- #### `ca_sheel.py`
-
- This is a shell for a user, the shell limits the commands to the one we are interested, like generating a SSH/SSL CA, signing keys.
-
- ```
- # LILiK CA Manager
-
- Welcome to the certification authority shell.
- Type help or ? to list commands.
-
- (CA Manager)> ?
-
- Documented commands (type help <topic>):
- ========================================
- describe_cas gen_ca help ls_ca ls_requests quit sign_request
- ```
-
- ### Configuration
-
- The only configuration needed is the path where to operate, modifying te file `paths.py` is all is needed.
|
