commit 45e97a0f1b6ab0c03f94e268f4848142fe1d9ed6
parent 2e46acf97fd4d673eb650cc4acd6496a7095a7d3
Author: Paco Esteban <paco@e1e0.net>
Date: Thu, 30 May 2024 11:39:39 +0200
add scripts to manage SSH CA
Diffstat:
4 files changed, 56 insertions(+), 0 deletions(-)
diff --git a/ssh_ca_scripts/generate_host_keys.sh b/ssh_ca_scripts/generate_host_keys.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -eu
+
+host=$1
+
+mkdir "$host"
+
+for i in rsa ecdsa ed25519; do
+ ssh-keygen \
+ -t "$i" \
+ -N '' \
+ -f "$host/ssh_host_${i}_key" \
+ -C "${host}.e1e0.net $i server key"
+done
diff --git a/ssh_ca_scripts/generate_user_keys.sh b/ssh_ca_scripts/generate_user_keys.sh
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -eu
+
+ssh_user=$1
+
+mkdir -p "$ssh_user"
+
+ssh-keygen \
+ -a 100 \
+ -t ed25519 \
+ -f "$ssh_user/e1e0_id_ed25519" \
+ -C "$ssh_user@e1e0.net::$(date '+%Y%m%d')"
diff --git a/ssh_ca_scripts/sign_host_key.sh b/ssh_ca_scripts/sign_host_key.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+host=$1
+
+ssh-keygen \
+ -s CA/e1e0-ca-key \
+ -I "e1e0_host_$host" \
+ -h \
+ -n "$host.e1e0.net" \
+ -V +56w5d \
+ -z "+${RANDOM}" \
+ hosts/$host/ssh_host_*pub
diff --git a/ssh_ca_scripts/sign_user_key.sh b/ssh_ca_scripts/sign_user_key.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -eu
+
+ssh_users=$1
+main_user=$(echo $1 | sed 's/,.*//')
+shift
+
+ssh-keygen \
+ -s CA/e1e0-ca-key \
+ -I "e1e0_user_${main_user}" \
+ -n "$ssh_users" \
+ -V +56w5d \
+ -z "${RANDOM}" \
+ "$@" \
+ users/$main_user/e1e0_id_ed25519.pub
