Releases: cloudtools/ssh-cert-authority
Autosign requests
With this release you may configure certain environments to autosign requests. In those environments no explicit signing is required by peers, but we still protect the CA and still have the benefits of time-limited and restricted certificates.
Docker containers are available and tagged similarly as cloudtools/ssh-cert-authority (https://hub.docker.com/r/cloudtools/ssh-cert-authority/).
To install one of these binaries download it, gunzip it, chmod +x it and put it in your $PATH. In order for the binary to actually run you're going to need a basic config file. See the README and USAGE files for help.
one one zero
This release introduced two new features:
- Reject requests: In addition to typing 'yes' or 'no' on cert requests, signers now also have a 'reject' option that forcefully pins a cert request into the junkyard, where it may never return. This can be used, for example, against an unreasonable request, and prevents it from ever being signed in the future.
- Server enforcement of max lifetimes: You may specify in the sign_certd config file a maximum lifetime for certificates. If a cert is requested with a lifetime beyond this period, the cert is automatically rejected. This allows you to easily enforce that certificates always be given "short" lifetimes, whatever your definition of short is.
Documentation was updated to reflect both of these features.
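A sketch of the max-lifetime check described above, added here as an illustration and not taken from ssh-cert-authority's source. The names `certWindow` and `checkLifetime`, and the choice to measure lifetime from the current time and to refuse never-expiring certificates, are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"time"
)

// certWindow is a hypothetical type mirroring an SSH certificate's validity
// fields (seconds since the Unix epoch).
type certWindow struct{ ValidAfter, ValidBefore uint64 }

// OpenSSH encodes "never expires" as the maximum uint64 value.
const certTimeInfinity uint64 = math.MaxUint64

var (
	errForever  = errors.New("certificate never expires")
	errInverted = errors.New("ValidBefore is not after ValidAfter")
	errExpired  = errors.New("certificate already expired")
	errTooLong  = errors.New("lifetime exceeds configured maximum")
)

// checkLifetime rejects a request whose certificate would stay valid longer
// than limit, measured from now. limit <= 0 means no maximum is configured.
func checkLifetime(w certWindow, now time.Time, limit time.Duration) error {
	if limit <= 0 {
		return nil
	}
	nowSec := uint64(now.Unix())
	switch {
	case w.ValidBefore == certTimeInfinity:
		return errForever
	case w.ValidBefore <= w.ValidAfter:
		return errInverted
	case w.ValidBefore <= nowSec:
		return errExpired
	// No underflow here: ValidBefore > nowSec was established above.
	case w.ValidBefore-nowSec > uint64(limit/time.Second):
		return errTooLong
	}
	return nil
}

func main() {
	now := time.Unix(1700000000, 0)                  // constructed "current time"
	w := certWindow{1700000000, 1700000000 + 172800} // constructed 2-day request
	fmt.Println(checkLifetime(w, now, 24*time.Hour))
}
```

Measuring from the current time rather than from ValidAfter means a backdated start cannot be used to make a long-lived certificate look short, and a backdated start on a short certificate is not penalized.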
Docker containers are available and tagged similarly as cloudtools/ssh-cert-authority.
Initial release
Docker containers are available and tagged similarly as cloudtools/ssh-cert-authority.