Code Monkey home page Code Monkey logo

ssh-ca's People

Contributors

bobveznat avatar markpeek avatar phobologic avatar synfinatic avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

synfinatic ifeatu bitland dmreiland linearregression unixorn cloudxtreme nhz-io gosunilgo skyairmj trobotham mikalv cbluth bianhezhen howeypeter devokun bellyfat orquestracd isabella232 cubit9-danielpeyer bruvio kwanghojung sa-jackmax

ssh-ca's Issues

get_cert doesn't work with SSH agents

In recent versions of gpg, it can serve as an SSH agent. This allows you to easily store your SSH key on a hardware device, like a yubikey.

Unfortunately, in this setup, if you're using ssh-ca, get_cert will fail with:

$ get_cert "<url>"
Unable to find private key matching certificate.

Because it tries to find the private key in ~/.ssh. Since the private key is stored on a hardware device, it doesn't find it.

A simple workaround is to just curl "<url>" ~/.ssh/id_rsa-cert.pub instead of using get_cert, but it would be nice if get_cert just worked.

make principals configurable in the config file

I'll handle this - just wanted to put it here so I don't forget.

Basically the fact we default to ec2-user & ubuntu is fine, until you want to use something else. Having to type --principal multiple times is annoying, and I'd much rather configure it.

Unclear failure from ssh-keygen

I forgot to throw a + in front of the time when signing a key and it caused the ssh-keygen command to fail with this output:

Invalid certificate life specification 4h

Unfortunately you don't see that from ssh-ca - instead you get a mostly unhelpful exception:

Invalid certificate life specification 4h
Traceback (most recent call last):
  File "/usr/local/bin/sign_key", line 5, in <module>
    pkg_resources.run_script('ssh-ca==0.1.0', 'sign_key')
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources.py", line 489, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/pkg_resources.py", line 1214, in run_script
    exec script_code in namespace, namespace
  File "/Library/Python/2.7/site-packages/ssh_ca-0.1.0-py2.7.egg/EGG-INFO/scripts/sign_key", line 125, in <module>

  File "build/bdist.macosx-10.9-intel/egg/ssh_ca/__init__.py", line 55, in sign_public_key
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/subprocess.py", line 575, in check_output
    raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['ssh-keygen', '-z', '259', '-s', '/Users/mike/.ssh/ssh_ca_stage', '-I', '[email protected]', '-V', '4h', '-n', 'ubuntu,ec2-user', '/var/folders/57/m5_p33bx2cn75pyr8s4_c9040000gn/T/tmpyItSVz']' returned non-zero exit status 255

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.