Janus
Janus is the god of doorways and passages.
Setup
Step-CA Getting Started
step ca init --ssh --acme
Running step-ca as a Daemon
Renewal using systemd timers
SSH Certificates
Use step-ca to sign the host's existing public key, producing a signed host certificate that carries the listed principals.
step ssh certificate --host --sign \
--principal janus --principal janus.john-stream.com \
--provisioner admin \
janus /etc/ssh/ssh_host_ed25519_key.pub
Get the public key of the CA that signs the user SSH certificates from step-ca.
step ssh config --roots > /etc/ssh/ssh_user_ca.pub
Configure sshd to trust the user CA key and to present the host key together with its signed certificate.
cat << EOF > /etc/ssh/sshd_config.d/certs.conf
TrustedUserCAKeys /etc/ssh/ssh_user_ca.pub
HostKey /etc/ssh/ssh_host_ed25519_key
HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
EOF
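A check to run on the signed host certificate before reloading sshd, as an added example that is not part of the original README: it reads `ssh-keygen -L` output and confirms the certificate is a host certificate carrying both principals from the signing step. The function names and the embedded listing (placeholder fingerprints, serial and dates) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `ssh-keygen -L -f <cert>` output on stdin and returns 0
# only if it is a host certificate listing every principal given as argument.
check_host_cert() {
    listing=$(cat)
    # Signing without --host yields a "user certificate", which sshd cannot
    # present through HostCertificate.
    printf '%s\n' "$listing" |
        grep -Eq '^[[:space:]]*Type: .* host certificate$' || {
        echo "not a host certificate" >&2; return 1; }
    # Principals are the indented lines between "Principals:" and
    # "Critical Options:" in the listing.
    principals=$(printf '%s\n' "$listing" | awk '
        /^[ \t]*Critical Options:/ { in_p = 0 }
        in_p { gsub(/^[ \t]+|[ \t]+$/, ""); if ($0 != "") print }
        /^[ \t]*Principals:/ { in_p = 1 }')
    # Clients match the name they connected to against this list, so every
    # name the host is reached by must be present.
    for want in "$@"; do
        printf '%s\n' "$principals" | grep -Fxq -- "$want" || {
            echo "missing principal: $want" >&2; return 1; }
    done
}

# Constructed sample of `ssh-keygen -L` output (all values are placeholders).
sample_listing() {
cat <<'EOF'
/etc/ssh/ssh_host_ed25519_key-cert.pub:
        Type: ssh-ed25519-cert-v01@openssh.com host certificate
        Public key: ED25519-CERT SHA256:CONSTRUCTED-HOST-KEY-FINGERPRINT
        Signing CA: ECDSA SHA256:CONSTRUCTED-CA-FINGERPRINT (using ecdsa-sha2-nistp256)
        Key ID: "janus"
        Serial: 1
        Valid: from 2024-01-01T00:00:00 to 2024-01-31T00:00:00
        Principals:
                janus
                janus.john-stream.com
        Critical Options: (none)
        Extensions: (none)
EOF
}

# On the host itself:
#   ssh-keygen -L -f /etc/ssh/ssh_host_ed25519_key-cert.pub |
#       check_host_cert janus janus.john-stream.com
sample_listing | check_host_cert janus janus.john-stream.com &&
    echo "host certificate OK"
```

After writing `certs.conf`, `sshd -t` validates the resulting configuration before the service is reloaded.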