random-scripts/sshCA-flask
2023-01-28 23:37:10 +01:00
db Add sshCA to the repo 2023-01-28 23:37:10 +01:00
ssh Add sshCA to the repo 2023-01-28 23:37:10 +01:00
templates Add sshCA to the repo 2023-01-28 23:37:10 +01:00
main.py Add sshCA to the repo 2023-01-28 23:37:10 +01:00
README.md Add sshCA to the repo 2023-01-28 23:37:10 +01:00
test.db Add sshCA to the repo 2023-01-28 23:37:10 +01:00

this is unstable and unfinished software

ssh certificate manager

what is it?

This is a simple Flask application that manages SSH certificates. It also has a simple API through which cloud-init can automatically request certificates.

what are ssh certificates?

Oh no, your private key has leaked! Now you need to rekey 100+ computers manually, or with Ansible if you know how. Another way is to use SSH certificates, where a PKI is set up that signs public keys based on trust. You get your public key signed by the CA, and now every machine which has the CA in its list trusts your signed public key.

The reverse is also possible and required. The host key can also be signed, so that you only need to trust the CA. Now every SSH connection whose keys are signed by the central CA is trusted and secure. Unless the CA key leaks, so just store it on a hardware key, you dummy.
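
The signing flow described above, shown with stock OpenSSH `ssh-keygen`. This is an added example, not code from this repository; the names `alice` and `web01.example.test`, the `/etc/ssh` paths and the validity periods are assumptions made for the demo.

```sh
#!/bin/sh
# Added example: user and host certificates from one CA, using ssh-keygen.
# alice, web01.example.test and the /etc/ssh paths are constructed for the demo.

# make_ca DIR: throwaway CA key pair (a real CA key belongs on a hardware token).
make_ca() {
    ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$1/ca"
}

# sign_user DIR NAME: new user key plus an 8-hour certificate for principal NAME.
sign_user() {
    ssh-keygen -q -t ed25519 -N '' -C "$2" -f "$1/id_$2"
    ssh-keygen -q -s "$1/ca" -I "user-$2" -n "$2" -V +8h "$1/id_$2.pub"
    echo "$1/id_$2-cert.pub"
}

# sign_host DIR FQDN: new host key plus a host certificate (-h) for FQDN.
sign_host() {
    ssh-keygen -q -t ed25519 -N '' -C "$2" -f "$1/host_$2"
    ssh-keygen -q -s "$1/ca" -h -I "host-$2" -n "$2" -V +52w "$1/host_$2.pub"
    echo "$1/host_$2-cert.pub"
}

# signed_by_ca DIR CERT: succeed if CERT names DIR/ca.pub as its signing CA.
# This is an inspection check; sshd and ssh do the real verification at login.
signed_by_ca() {
    fp=$(ssh-keygen -l -f "$1/ca.pub" | awk '{print $2}')
    ssh-keygen -L -f "$2" | grep 'Signing CA' | grep -qF "$fp"
}

# trust_lines DIR: the settings that make servers and clients trust the CA.
trust_lines() {
    echo "sshd_config: TrustedUserCAKeys /etc/ssh/ca.pub"
    echo "sshd_config: HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub"
    echo "known_hosts: @cert-authority *.example.test $(cat "$1/ca.pub")"
}

# Demo run in a temporary directory that is removed afterwards.
demo=$(mktemp -d)
make_ca "$demo"
cert=$(sign_user "$demo" alice)
ssh-keygen -L -f "$cert"
signed_by_ca "$demo" "$cert" && echo "certificate chains to the demo CA"
trust_lines "$demo"
rm -rf "$demo"
```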