john/janus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

readme updates

Browse Source
This commit is contained in:
John Lancaster
2026-01-04 09:46:42 -06:00
parent a0223e439b
commit 6705bab1fe
1 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
README.md
View File

@@ -23,10 +23,14 @@ step ca init --ssh --acme
Use step-ca to sign an existing public key to produce a signed certificate with some principals on it. Use step-ca to sign an existing public key to produce a signed certificate with some principals on it.
``` ```
export IP_ADDRESS=$(ip -4 addr show dev eth0 | awk '/inet /{print $2}' | cut -d/ -f1) && \
export HOSTNAME=$(hostname -s) && \
step ssh certificate --host --sign \ step ssh certificate --host --sign \
--principal janus --principal janus.john-stream.com \ --principal "$HOSTNAME" \
--principal "$HOSTNAME.john-stream.com" \
--principal "$IP_ADDRESS" \
--provisioner admin \ --provisioner admin \
janus /etc/ssh/ssh_host_ed25519_key.pub "$HOSTNAME" /etc/ssh/ssh_host_ed25519_key.pub
``` ```
Get the (public) cert for the CA that signs the user SSH certs from step-ca. Get the (public) cert for the CA that signs the user SSH certs from step-ca.
@@ -51,9 +55,18 @@ systemctl reload sshd
### Client ### Client
Trust certs that are signed by Janus:
```
(umask 022; cat <<EOF > ~/.ssh/known_hosts
@cert-authority *.john-stream.com,192.168.1.* $(step ssh config --host --roots)
EOF
)
```
``` ```
step ssh certificate --sign \ step ssh certificate --sign \
--principal root --principal john \ --principal root --principal john \
--provisioner admin \ --provisioner admin \
john@john-pc-ubuntu ~/.ssh/id_ed25519.pub john ~/.ssh/id_ed25519.pub
``` ```