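Sharkey is a service for managing the certificates used by OpenSSH.
Sharkey consists of a client component and a server component: the server issues signed host certificates, and the client installs the host certificate on each machine.
Server usage example: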
usage: sharkey-server --config=CONFIG [<flags>]

Flags:
  --help           Show context-sensitive help (also try --help-long and --help-man).
  --config=CONFIG  Path to yaml config file for setup
  --suffix=SUFFIX  Suffix of hostnames that will be supplied to server.
  --version        Show application version.

Server configuration example:
# SQLite database
# ---
db:
  address: /path/to/sharkey.db
  type: sqlite

# MySQL database
# ---
# db:
#   username: root
#   password: password
#   address: hostname:port
#   schema: ssh_ca
#   type: mysql
#   tls:  # MySQL TLS config (optional)
#     ca: /path/to/mysql-ca-bundle.pem
#     cert: /path/to/mysql-client-cert.pem  # MySQL client cert
#     key: /path/to/mysql-client-cert-key.pem  # MySQL client cert key
#     min_version: 1.2  # Min. TLS version

# Server listening address
listen_addr: "0.0.0.0:8080"

# TLS config for serving requests
# ---
tls:
  ca: /path/to/ca-bundle.pem
  cert: /path/to/server-certificate.pem
  key: /path/to/server-certificate-key.pem
  min_version: 1.2  # Min. TLS version (optional)

# Signing key (from ssh-keygen)
signing_key: /path/to/ca-signing-key

# Lifetime/validity duration for generated host certificates
cert_duration: 168h

Client usage example:
usage: sharkey-client --config=CONFIG [<flags>]

Flags:
  --help           Show context-sensitive help (also try --help-long and --help-man).
  --config=CONFIG  Path to yaml config file for setup
  --version        Show application version.

Client configuration example:
# Server address
request_addr: "https://sharkey-server.example:8080"

# TLS config for making requests
# ---
tls:
  ca: /path/to/ca-bundle.pem
  cert: /path/to/client-certificate.pem
  key: /path/to/client-certificate-key.pem

# OpenSSH host key (unsigned)
host_key: /etc/ssh/ssh_host_rsa_key.pub

# Where to install the signed host certificate
signed_cert: /etc/ssh/ssh_host_rsa_key_signed.pub

# Where to install the known_hosts file
known_hosts: /etc/ssh/known_hosts

# How often to refresh/request new certificate
sleep: "24h"
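
A health check for the certificate the client installs at signed_cert, added here as an example and not part of Sharkey: it parses the OpenSSH certificate fields and reports a non-host certificate, a missing hostname principal, an expired validity window, or an overdue refresh. The 120h threshold assumes the sample values above (cert_duration 168h, sleep 24h) and that the certificate lists the host's name as a principal; sample_line and web1.example are constructed for the demonstration, and the CA signature is not verified.

```python
import base64
import struct

# Public-key fields between the nonce and the serial, per certificate type.
KEY_FIELDS = {"ssh-rsa-cert-v01@openssh.com": 2, "ssh-ed25519-cert-v01@openssh.com": 1}
HOST_CERT = 2  # SSH2_CERT_TYPE_HOST in OpenSSH's PROTOCOL.certkeys

def _string(buf, off):  # one length-prefixed SSH string -> (bytes, next offset)
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_cert(line):
    """Parse the fields up to the validity window. The CA signature is NOT verified."""
    blob = base64.b64decode(line.split()[1], validate=True)
    name, off = _string(blob, 0)
    if name.decode() not in KEY_FIELDS:
        raise ValueError("unsupported certificate type")
    for _ in range(1 + KEY_FIELDS[name.decode()]):  # skip nonce and key material
        _, off = _string(blob, off)
    _serial, ctype = struct.unpack_from(">QI", blob, off)
    _key_id, off = _string(blob, off + 12)
    plist, off = _string(blob, off)
    after, before = struct.unpack_from(">QQ", blob, off)
    principals, p = [], 0
    while p < len(plist):
        item, p = _string(plist, p)
        principals.append(item.decode())
    return {"type": ctype, "principals": principals, "after": after, "before": before}

def check(cert, hostname, now, min_left=(168 - 2 * 24) * 3600):
    """Return problems found; min_left (assumed) means two refresh cycles were missed."""
    live = cert["after"] <= now < cert["before"]
    tests = [(cert["type"] != HOST_CERT, "not a host certificate"),
             (hostname not in cert["principals"], "hostname not in principals"),
             (not live, "outside validity window"),
             (live and cert["before"] - now < min_left, "refresh overdue")]
    return [msg for failed, msg in tests if failed]

def _pack(b):
    return struct.pack(">I", len(b)) + b

def sample_line(issued, ctype=HOST_CERT, hours=168):
    """Constructed Ed25519 certificate line with dummy key and signature bytes."""
    body = (_pack(b"ssh-ed25519-cert-v01@openssh.com") + _pack(b"\0" * 32) + _pack(b"\1" * 32)
            + struct.pack(">QI", 1, ctype) + _pack(b"web1.example") + _pack(_pack(b"web1.example"))
            + struct.pack(">QQ", issued, issued + hours * 3600) + _pack(b"") * 3
            + _pack(b"dummy-ca-key") + _pack(b"dummy-signature"))
    return "ssh-ed25519-cert-v01@openssh.com " + base64.b64encode(body).decode() + " constructed"
```

On a real host, pass the contents of the signed_cert file to parse_cert and the current Unix time to check.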