/Certs.txt (dd65951315f3de6d52d52a82fca59889d1d95187) (1132 bytes) (mode 100644) (type blob)

This document tries to find a way to get rid of the authorized_keys file.

Certificates may be used for user authentication (authenticating users to
servers) or host authentication (authenticating servers to users).

A certificate contains a public key, identity information, zero or more
principal (user or host) names and a set of options, all signed by the CA key.

Generate a user certificate:
	ssh-keygen -f ~/.ssh/key1
	ssh-keygen -s CA.key -I key_id ~/.ssh/key1.pub
	Output will be in ~/.ssh/key1-cert.pub

Host certificates:
	ssh-keygen -f ~/.ssh/host1
	ssh-keygen -s CA.key -I key_id -h ~/.ssh/host1.pub
	Output will be in ~/.ssh/host1-cert.pub

Let's see how we generate CA.key. It seems to be a normal key, but in the
authorized_keys file it is marked with the cert-authority option.

Create a user (A).
Create a CA key.
Add it to authorized_keys file and mark it as cert-authority.
Generate a key for a connection user (B) and sign it with the CA key.
Add the cert to B's ~/.ssh/
Try to connect with user B to userA@host.

Seems we can specify "-z serial" to ssh-keygen. But ssh-keygen crashes.

- How to revoke a key?
- Seems the key_id is not exported in environment. :(
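
The steps above (CA key, signed key for user B, cert-authority line for user A), as an added example that is not part of Certs.txt or the project's code. It goes one step further and shows revocation by serial number with a key revocation list (KRL). The function names, file names, ed25519 key type, key id "userB-laptop", principal "userA" and serial 1001 are assumptions made for the example.

```shell
#!/bin/sh
# Added example. Constructed values: key id "userB-laptop", principal
# "userA", serial 1001 and every file name under DIR.

# make_cert_setup DIR: CA key, B's key pair, B's certificate and the
# authorized_keys line for account A, all written into DIR.
make_cert_setup() {
	dir=$1
	# The CA key is an ordinary key pair; only its use makes it a CA.
	ssh-keygen -q -t ed25519 -N '' -C 'example CA' -f "$dir/CA.key" || return 1
	# Key pair of the connecting user (B).
	ssh-keygen -q -t ed25519 -N '' -C 'user B' -f "$dir/key1" || return 1
	# Sign B's public key: -n lists the principals, -V limits validity,
	# -z sets the serial number. Result: $dir/key1-cert.pub
	ssh-keygen -q -s "$dir/CA.key" -I userB-laptop -n userA -V +1d \
		-z 1001 "$dir/key1.pub" || return 1
	# Line for A's ~/.ssh/authorized_keys: the CA public key, marked
	# cert-authority. No per-user public key is listed.
	printf 'cert-authority %s\n' "$(cat "$dir/CA.key.pub")" \
		> "$dir/authorized_keys"
}

# cert_field DIR NAME: print one field (e.g. "Key ID", "Serial") of the
# certificate as shown by ssh-keygen -L.
cert_field() {
	ssh-keygen -L -f "$1/key1-cert.pub" | sed -n "s/^ *$2: //p"
}

# revoke_serial DIR SERIAL: write a KRL that revokes the certificate with
# that serial issued by this CA. sshd would read the KRL through the
# RevokedKeys option in sshd_config.
revoke_serial() {
	printf 'serial: %s\n' "$2" > "$1/revoked.spec"
	ssh-keygen -q -k -f "$1/krl" -s "$1/CA.key.pub" "$1/revoked.spec"
}

# is_revoked DIR: exit status 0 only if the KRL in DIR revokes B's cert.
is_revoked() {
	ssh-keygen -Q -f "$1/krl" "$1/key1-cert.pub" 2>&1 | grep -q REVOKED
}

# Demo: sh this_file demo
if [ "${1:-}" = demo ]; then
	d=$(mktemp -d) && make_cert_setup "$d" && cat "$d/authorized_keys"
	echo "serial: $(cert_field "$d" Serial)"
	revoke_serial "$d" 1001 && is_revoked "$d" && echo "cert revoked by KRL"
fi
```

Revoking by serial only works if every certificate is issued with a distinct -z value, so the CA side has to keep a record of the serials it hands out.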
