Turn the ssh/ engine into an SSH CA for cert-based access:

- ssh/ roles: "user" (8h user certs, principal-restricted) and "host" (long-lived host certs); mount max-lease-ttl raised for host certs
- scripts/ssh-login.sh: sign a fresh user cert via a scoped ssh/sign/user token (API, no bao binary) and connect — no authorized_keys on targets
- ca/openbao-ssh-ca.pub: the SSH CA public key (for TrustedUserCAKeys and client @cert-authority trust)
- README: usage, host onboarding, client trust
- gitignore generated per-host artifacts/

First host wired + verified end-to-end: 192.168.0.26 (pifour) — lutz cert login and host-cert verification both confirmed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2 lines
725 B
Plaintext
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTPUjjBap8y5vvfEhTnEbQgYIw7CKXl2dMSS/2IE0+CC3uMuAhfScfkxMOC00GoK0rBwaJTkyyDIAL1XrAQmUB098WfVQP01KKj/n924dAZkNIRy0X6DKd5V0G1eY3M+kPK61IvaH81i3oexdmVMS9ax9E+kLRnxNK0hfSbZrIkTdMp7jCpidoADo4gVKvqucIMSqSKOZduJYQj2WC1cNxIy2DND+ZyXlSlsavOSeZlIswiwIPiPmGbF2QxWwvRMk5NfQRed38eYN+YUJYIUm7gq0UEUq8vhT3+1pKbyyFXnNN5yaI90L8bSdML/H5039lfQcu+MsstUaOLmWcKD1D9EVYzyr2HX/am2oMOVWlefbLwsNXaHpECleGfGFAcOmnIo13RI8gCCDlAVNorGgwEFjgk8RZAW6Om+9d8ae1AhAwzbIx0GR5qi14A0dGua1zyL8HyTRiei5Qz6XZNLX9roHFd3AUfOBdFIXG3TdPi4wAaBCIXuIkg9uBcv63AdAOmUFeMJYlv/9xreZlN/lPJaJbMlBCowMbhqPRFYk02kt7dr+9EGtNhAtEp2PReW6Vca4osUPYmsSovgwZmavWWD3GUg6KY06dxypZIWHtUJIgq42RZ1TGrnvkq9q3gy28k/WcaXD5xJ8vZDAl1oYNVHcSwWu89zf3tMlcgj1BDQ==
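Review bot: the key line in ca/openbao-ssh-ca.pub ends at the base64 blob with no comment field, so once it is copied into a TrustedUserCAKeys file or a client @cert-authority line nothing identifies which CA it belongs to. Consider appending a comment after the key (for example the mount name), and recording the output of ssh-keygen -lf for this file in the README so that a host being onboarded can compare the fingerprint with what the ssh/ mount serves before trusting it. The key type is ssh-rsa and the role definitions are not visible here, so also confirm that both roles sign with an rsa-sha2 algorithm, since current OpenSSH rejects SHA-1 ssh-rsa CA signatures by default.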