cloudtools / ssh-ca
Management utilities to support a certificate authority for ssh keys
License: BSD 2-Clause "Simplified" License
In recent versions of gpg, it can serve as an SSH agent. This allows you to easily store your SSH key on a hardware device, like a yubikey.
Unfortunately, in this setup, if you're using ssh-ca, get_cert will fail with:
$ get_cert "<url>"
Unable to find private key matching certificate.
Because it tries to find the private key in ~/.ssh. Since the private key is stored on a hardware device, it doesn't find it.
A simple workaround is to just curl "<url>" > ~/.ssh/id_rsa-cert.pub instead of using get_cert, but it would be nice if get_cert just worked.
I'll handle this - just wanted to put it here so I don't forget.
Basically the fact we default to ec2-user & ubuntu is fine, until you want to use something else. Having to type --principal multiple times is annoying, and I'd much rather configure it.
I forgot to throw a + in front of the time when signing a key and it caused the ssh-keygen command to fail with this output:
Invalid certificate life specification 4h
Unfortunately you don't see that from ssh-ca - instead you get a mostly unhelpful exception:
Invalid certificate life specification 4h
Traceback (most recent call last):
  File "/usr/local/bin/sign_key", line 5, in <module>
    pkg_resources.run_script('ssh-ca==0.1.0', 'sign_key')
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources.py", line 489, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources.py", line 1214, in run_script
    exec script_code in namespace, namespace
  File "/Library/Python/2.7/site-packages/ssh_ca-0.1.0-py2.7.egg/EGG-INFO/scripts/sign_key", line 125, in <module>
  File "build/bdist.macosx-10.9-intel/egg/ssh_ca/__init__.py", line 55, in sign_public_key
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 575, in check_output
    raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['ssh-keygen', '-z', '259', '-s', '/Users/mike/.ssh/ssh_ca_stage', '-I', '[email protected]', '-V', '4h', '-n', 'ubuntu,ec2-user', '/var/folders/57/m5_p33bx2cn75pyr8s4_c9040000gn/T/tmpyItSVz']' returned non-zero exit status 255
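An added example, not part of the issue above or of ssh-ca's own code: one way a signing wrapper could refuse a -V value such as 4h before ssh-keygen runs, and report a failed ssh-keygen run as one line instead of a traceback. The names check_validity, run_signer and SigningError are hypothetical, and the check covers only the relative (+4h, -1d) and YYYYMMDD[HHMM[SS]] forms of the validity interval.

```python
import re
import subprocess

# Relative time: sign, then <number><unit> groups (s, m, h, d, w), e.g. "+4h", "+1w2d".
_RELATIVE = re.compile(r'^[+-](?:\d+[smhdw])*\d+[smhdw]?$', re.IGNORECASE)
# Absolute time: YYYYMMDD, YYYYMMDDHHMM or YYYYMMDDHHMMSS.
_ABSOLUTE = re.compile(r'^\d{8}(?:\d{4}(?:\d{2})?)?$')


class SigningError(Exception):
    """Hypothetical error type: one readable line for the operator."""


def check_validity(spec):
    """Validate a -V value ("end" or "start:end") before ssh-keygen sees it."""
    parts = spec.split(':')
    if len(parts) > 2:
        raise SigningError('Invalid certificate life %r: expected end or start:end' % spec)
    for part in parts:
        if _RELATIVE.match(part) or _ABSOLUTE.match(part):
            continue
        # The case from the issue: a relative time typed without its sign.
        hint = " (did you mean '+%s'?)" % part if _RELATIVE.match('+' + part) else ''
        raise SigningError('Invalid certificate life %r%s' % (part, hint))
    return spec


def run_signer(cmd):
    """Run the signing command; report a non-zero exit without a traceback."""
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = proc.communicate()
    if proc.returncode != 0:
        detail = err.decode('utf-8', 'replace').strip() or 'no error output'
        raise SigningError('%s exited with status %d: %s' % (cmd[0], proc.returncode, detail))
    return out


if __name__ == '__main__':
    # Constructed inputs: the value from the issue, its corrected form, a date range.
    for value in ('4h', '+4h', '20240101:20240201'):
        try:
            print('ok      %s' % check_validity(value))
        except SigningError as exc:
            print('refused %s' % exc)
```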