2026-01-03 23:52:32 -06:00

Janus

Janus is the god of doorways and passages.

Setup

Step-CA Getting Started

step ca init --ssh --acme

Running step-ca as a Daemon

Renewal using systemd timers

SSH Certificates

Server

Use step-ca to sign the existing host public key, producing a host certificate that lists the given principals.

step ssh certificate --host --sign \
--principal janus --principal janus.john-stream.com \
--provisioner admin \
janus /etc/ssh/ssh_host_ed25519_key.pub

Get the public key of the step-ca CA that signs user SSH certificates.

step ssh config --roots > /etc/ssh/ssh_user_ca.pub

Configure sshd to trust the user CA and to present the host key together with its signed host certificate.

cat << EOF > /etc/ssh/sshd_config.d/certs.conf
TrustedUserCAKeys /etc/ssh/ssh_user_ca.pub
HostKey /etc/ssh/ssh_host_ed25519_key
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
EOF
systemctl reload sshd
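
Before reloading sshd it is worth confirming that the signed file really is a host certificate carrying the names clients will connect to. The following is an added example, not part of the original README: `check_cert` and `SAMPLE_CERT` are hypothetical names, and the sample `ssh-keygen -L` output is constructed with placeholder fingerprints. The same function works for the client certificate with type `user`.

```bash
# Added example: validate `ssh-keygen -L` output for certificate type and principals.
# check_cert and SAMPLE_CERT are hypothetical names, not part of step-ca or OpenSSH.
#
# Typical use before `systemctl reload sshd`:
#   ssh-keygen -L -f /etc/ssh/ssh_host_ed25519_key-cert.pub | check_cert host janus janus.john-stream.com
#   sshd -t
check_cert() {
    local want_type="$1"; shift
    local text type principals p
    text=$(cat)

    # "Type: ssh-ed25519-cert-v01@openssh.com host certificate" -> "host"
    type=$(printf '%s\n' "$text" | awk '$1 == "Type:" { print $3; exit }')
    if [ "$type" != "$want_type" ]; then
        echo "wrong certificate type: got '${type:-none}', want '$want_type'" >&2
        return 1
    fi

    # Principals are the indented lines between "Principals:" and "Critical Options:".
    principals=$(printf '%s\n' "$text" | awk '
        $1 == "Critical"    { in_list = 0 }
        in_list             { print $1 }
        $1 == "Principals:" { in_list = 1 }')

    for p in "$@"; do
        if ! printf '%s\n' "$principals" | grep -Fxq -- "$p"; then
            echo "missing principal: $p" >&2
            return 1
        fi
    done
}

# Constructed sample of `ssh-keygen -L` output (fingerprints are placeholders).
SAMPLE_CERT='/etc/ssh/ssh_host_ed25519_key-cert.pub:
        Type: ssh-ed25519-cert-v01@openssh.com host certificate
        Public key: ED25519-CERT SHA256:PLACEHOLDER
        Signing CA: ECDSA SHA256:PLACEHOLDER (using ecdsa-sha2-nistp256)
        Key ID: "janus"
        Serial: 0
        Valid: from 2026-01-03T22:49:00 to 2026-02-02T22:49:00
        Principals:
                janus
                janus.john-stream.com
        Critical Options: (none)
        Extensions: (none)'
```

The function exits non-zero with a message on stderr, so it can gate the reload in a renewal script.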

Client

step ssh certificate --sign \
--principal root --principal john \
--provisioner admin \
john@john-pc-ubuntu ~/.ssh/id_ed25519.pub