diff --git a/README.md b/README.md index 18ea540..fd8ec84 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ CA manager ========== +![My authority]() + This collection of tools is our take on managing a CA, signing SSH keys and certificates, signin SSL certificates. ### Tools @@ -11,67 +13,10 @@ This is a shell for a user, the shell only reads the input from the user and ret The server logs can be found at `/home/request/request_server.log` -##### sign_request - -The input must be a JSON file, e.g - -```JSON -{ - "request": { - "keyType": "ssh_host", - "hostName": "my_new_server", - "keyData": "ssh-ed25519 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa root@my_new_server" - }, - "type": "sign_request" -} -``` - -the example is a `sign_request` for a ssh host certificate. - -```JSON -{ - "request": { - "keyType": "ssh_user", - "userName": "my_username", - "keyData": "ssh-ed25519 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa my_username@my_hostname", - "rootRequested": true - }, - "type": "sign_request" -} -``` - -This example is `sign_request` for a ssh user certificate with root access. - -The shell just output a json with `status`, `reason`, `failed` and `msg` keys. - -```JSON -{ - "failed" : ..., - "msg" : ..., - "reason" : ..., - "status" : ... -} -``` - -The keys `failed` and `msg` are only requested to comply with ansible. - #### `ca_sheel.py` This is a shell for a user, the shell limits the commands to the one we are interested, like generating a SSH/SSL CA, signing keys. -``` -# LILiK CA Manager - -Welcome to the certification authority shell. -Type help or ? to list commands. - -(CA Manager)> ? - -Documented commands (type help ): -======================================== -describe_cas gen_ca help ls_ca ls_requests quit sign_request -``` - ### Configuration The only configuration needed is the path where to operate, modifying te file `paths.py` is all is needed. 
diff --git a/SPEC.md b/SPEC.md new file mode 100644 index 0000000..280c568 --- /dev/null +++ b/SPEC.md 
@@ -0,0 +1,77 @@ +CA manager +========== + +This tools collection is our take on managing a CA, signing SSH keys and certificates, signin SSL certificates. + +### Tools + +#### `request_server.py` + +This is a shell for a user, the shell only reads the input from the user and return a JSON. We like to use this user with Ansible to request and retrive ssh host certificates. + +The server logs can be found at `/home/request/request_server.log` + +##### sign_request + +The input must be a JSON file, e.g + +```JSON +{ + "request": { + "keyType": "ssh_host", + "hostName": "my_new_server", + "keyData": "ssh-ed25519 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa root@my_new_server" + }, + "type": "sign_request" +} +``` + +the example is a `sign_request` for a ssh host certificate. + +```JSON +{ + "request": { + "keyType": "ssh_user", + "userName": "my_username", + "keyData": "ssh-ed25519 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa my_username@my_hostname", + "rootRequested": true + }, + "type": "sign_request" +} +``` + +This example is `sign_request` for a ssh user certificate with root access. + +The shell just output a json with `status`, `reason`, `failed` and `msg` keys. + +```JSON +{ + "failed" : ..., + "msg" : ..., + "reason" : ..., + "status" : ... +} +``` + +The keys `failed` and `msg` are only requested to comply with ansible. + +#### `ca_sheel.py` + +This is a shell for a user, the shell limits the commands to the one we are interested, like generating a SSH/SSL CA, signing keys. + +``` +# LILiK CA Manager + +Welcome to the certification authority shell. +Type help or ? to list commands. + +(CA Manager)> ? + +Documented commands (type help ): +======================================== +describe_cas gen_ca help ls_ca ls_requests quit sign_request +``` + +### Configuration + +The only configuration needed is the path where to operate, modifying te file `paths.py` is all is needed.
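Review bot: In README.md, hunk `@@ -1,6 +1,8 @@`, the added `![My authority]()` has an empty link target, so it renders as a broken image. Supply the image path, or drop the line until the asset is committed. The context line right below it still reads "signin SSL certificates"; fix it to "signing" while this paragraph is being touched.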
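Review bot: In README.md, hunk `@@ -11,67 +13,10 @@`, the `sign_request` section and the CA shell session transcript are removed with no pointer to where they went. The same text is added in SPEC.md, so add a line under `request_server.py` along the lines of "See SPEC.md for the request and response format", otherwise a README reader can no longer find the JSON layout. In the remaining context, the heading `ca_sheel.py` looks like a typo for `ca_shell.py` (confirm against the actual file name), and "modifying te file" should read "the file".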
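Review bot: In SPEC.md, hunk `@@ -0,0 +1,77 @@`, the `ssh_user` example sets `"rootRequested": true`, but the spec never says how that flag is authorized or what it changes in the issued certificate. For a signing service this is the field that most needs a definition: state who may set it, whether such a request waits for an operator to run `sign_request` in the CA shell after `ls_requests`, and what the server returns when it is refused. The response block also leaves `status`, `reason`, `failed` and `msg` as `...`; list their types and allowed values so that Ansible callers can branch on them. The new file carries over the README typos ("signin", "retrive", "te file"), and "Documented commands (type help ):" appears to have lost its `<topic>` placeholder.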