Edits to script section

2026-04-09 01:16:36 +00:00
parent 38134c417b
commit 69eede65d8


@@ -156,25 +156,34 @@ case $CHOICE in
"${HOST_CA}/hosts/${NAME}.pub" "${HOST_CA}/hosts/${NAME}.pub"
clear clear
echo "Reviewing HOST Certificate for ${NAME}:"
ssh-keygen -L -f "${HOST_CA}/hosts/${NAME}-cert.pub"
cat << EOF cat << EOF
**************************************************************************** ****************************************************************************
************************* Copy to Remote Host ****************************** ************************* Copy to Remote Host ******************************
**************************************************************************** ****************************************************************************
Host Certificate for ${NAME}
-------------------------------------
$(ssh-keygen -L -f "${HOST_CA}/hosts/${NAME}-cert.pub")
------------------------------------------
${NAME} Private Key ${NAME} Private Key
cat ${HOST_CA}/hosts/${NAME} $(cat ${HOST_CA}/hosts/${NAME})
chmod 400 /etc/ssh/${NAME} chmod 400 /etc/ssh/${NAME}
-- --
${NAME} Public Key and Certificate ${NAME} Public Key and Certificate
----------------------------------
echo "$(cat "${HOST_CA}/hosts/${NAME}.pub")" > /etc/ssh/${NAME}.pub echo "$(cat "${HOST_CA}/hosts/${NAME}.pub")" > /etc/ssh/${NAME}.pub
echo "$(cat "${HOST_CA}/hosts/${NAME}-cert.pub")" > /etc/ssh/${NAME}-cert.pub echo "$(cat "${HOST_CA}/hosts/${NAME}-cert.pub")" > /etc/ssh/${NAME}-cert.pub
-- --
Trusted User CA Trusted User CA
---------------
echo "$(cat "${USER_CA}/${USER_CA_KEY}.pub")" > /etc/ssh/${USER_CA_KEY}.pub echo "$(cat "${USER_CA}/${USER_CA_KEY}.pub")" > /etc/ssh/${USER_CA_KEY}.pub
-- --
Edit ${NAME} sshd_config Edit ${NAME} sshd_config
------------------------
echo "HostKey /etc/ssh/${NAME}" >> /etc/ssh/sshd_config echo "HostKey /etc/ssh/${NAME}" >> /etc/ssh/sshd_config
echo "HostCertificate /etc/ssh/${NAME}-cert.pub" >> /etc/ssh/sshd_config echo "HostCertificate /etc/ssh/${NAME}-cert.pub" >> /etc/ssh/sshd_config
echo "TrustedUserCAKeys /etc/ssh/${USER_CA_KEY}.pub" >> /etc/ssh/sshd_config echo "TrustedUserCAKeys /etc/ssh/${USER_CA_KEY}.pub" >> /etc/ssh/sshd_config
@@ -200,25 +209,34 @@ EOF
"${USER_CA}/users/${NAME}.pub" "${USER_CA}/users/${NAME}.pub"
clear clear
echo "Reviewing ${NAME} Client Certificate:"
ssh-keygen -L -f "${USER_CA}/users/${NAME}-cert.pub"
cat << EOF cat << EOF
**************************************************************************** ****************************************************************************
************************* Copy to client *********************************** ************************* Copy to client ***********************************
**************************************************************************** ****************************************************************************
"${NAME} Client Certificate:"
$(ssh-keygen -L -f "${USER_CA}/users/${NAME}-cert.pub")
--------------------------
${NAME} Private key ${NAME} Private key
-------------------
cat ${USER_CA}/users/${NAME} cat ${USER_CA}/users/${NAME}
chmod 400 ~/.ssh/${NAME} chmod 400 ~/.ssh/${NAME}
-- --
${NAME} Public Key and Certificate ${NAME} Public Key and Certificate
----------------------------------
echo "$(cat "${USER_CA}/users/${NAME}.pub")" > ~/.ssh/${NAME}.pub echo "$(cat "${USER_CA}/users/${NAME}.pub")" > ~/.ssh/${NAME}.pub
echo "$(cat "${USER_CA}/users/${NAME}-cert.pub")" > ~/.ssh/${NAME}-cert.pub echo "$(cat "${USER_CA}/users/${NAME}-cert.pub")" > ~/.ssh/${NAME}-cert.pub
-- --
Add Trusted host CA to ~/.ssh/known_hosts (edit domain wildcard and hostnames/IPs) Add Trusted host CA to ~/.ssh/known_hosts (edit domain wildcard and hostnames/IPs)
----------------------------------------------------------------------------------
echo "@cert-authority * $(cat "${HOST_CA}/${HOST_CA_KEY}.pub")" >> ~/.ssh/known_hosts echo "@cert-authority * $(cat "${HOST_CA}/${HOST_CA_KEY}.pub")" >> ~/.ssh/known_hosts
-- --
~/.ssh/config template ~/.ssh/config template
----------------------
Host *.domain.com 192.168.1.* 192.168.2.* 192.168.3.* Host *.domain.com 192.168.1.* 192.168.2.* 192.168.3.*
IdentityFile ~/.ssh/username IdentityFile ~/.ssh/username
IdentitiesOnly yes IdentitiesOnly yes
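Review bot: In the first hunk's `${NAME} Private Key` block, the heredoc line now reads `$(cat ${HOST_CA}/hosts/${NAME})`, so (assuming the right-hand column is the new side) the host private key itself is expanded into the terminal output instead of the literal command being shown. That leaves key material in scrollback and any session logging, and the `chmod 400 /etc/ssh/${NAME}` line after it no longer follows a step that writes the file. The second hunk keeps the literal `cat ${USER_CA}/users/${NAME}`, so the host and client sections now behave differently. Consider leaving the key on disk and printing only a transfer instruction, or having the host generate its own key so only the `.pub` is signed here; if the expansion stays, quote the path as `$(cat "${HOST_CA}/hosts/${NAME}")`. The enclosing `case` branch and the heredoc's closing `EOF` are outside the hunk.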