john/janus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: john:58e033e16e39c272d55dbd44fbc47c7ff52eed2b
Branches Tags
john:main
..
compare: john:2b9c0556a4f163a345b80a46500d55053218e02b
Branches Tags
john:main

2 Commits
58e033e16e ... 2b9c0556a4

Author SHA1 Message Date
John Lancaster
2b9c0556a4 readme content 2026-01-03 22:49:45 -06:00
John Lancaster
3c889513e9 more gitignore 2026-01-03 22:49:35 -06:00
2 changed files with 20 additions and 2 deletions
Expand all files Collapse all files

5
.gitignore vendored
View File

@@ -1,3 +1,6 @@
password.txt password.txt
certs/
secrets/ secrets/
db/ db/
ca.json

17
README.md
View File

@@ -18,6 +18,8 @@ step ca init --ssh --acme
## SSH Certificates ## SSH Certificates
### Server
Use step-ca to sign an existing public key to produce a signed certificate with some principals on it. Use step-ca to sign an existing public key to produce a signed certificate with some principals on it.
``` ```
@@ -41,4 +43,17 @@ TrustedUserCAKeys /etc/ssh/ssh_user_ca.pub
HostKey /etc/ssh/ssh_host_ed25519_key HostKey /etc/ssh/ssh_host_ed25519_key
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
EOF EOF
``` ```
```
systemctl reload sshd
```
### Client
```
step ssh certificate --sign \
--principal root --principal john \
--provisioner admin \
john@john-pc-ubuntu ~/.ssh/id_ed25519.pub
```