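Introduction to Sharkey
Sharkey is a service for managing the certificates used by OpenSSH.
Sharkey consists of a client component and a server component: the server issues signed host certificates, and the client installs the host certificate on each machine.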
Server usage:

    usage: sharkey-server --config=CONFIG [<flags>]

    Flags:
      --help           Show context-sensitive help (also try --help-long and --help-man).
      --config=CONFIG  Path to yaml config file for setup
      --suffix=SUFFIX  Suffix of hostnames that will be supplied to server.
      --version        Show application version.
Server configuration example:

    # sqlite database
    # ---
    db:
      address: /path/to/sharkey.db
      type: sqlite

    # MySQL database
    # ---
    # db:
    #   username: root
    #   password: password
    #   address: hostname:port
    #   schema: ssh_ca
    #   type: mysql
    #   tls:                                       # MySQL TLS config (optional)
    #     ca: /path/to/mysql-ca-bundle.pem
    #     cert: /path/to/mysql-client-cert.pem     # MySQL client cert
    #     key: /path/to/mysql-client-cert-key.pem  # MySQL client cert key
    #     min_version: 1.2                         # Min. TLS version

    # Server listening address
    listen_addr: "0.0.0.0:8080"

    # TLS config for serving requests
    # ---
    tls:
      ca: /path/to/ca-bundle.pem
      cert: /path/to/server-certificate.pem
      key: /path/to/server-certificate-key.pem
      min_version: 1.2                             # Min. TLS version (optional)

    # Signing key (from ssh-keygen)
    signing_key: /path/to/ca-signing-key

    # Lifetime/validity duration for generated host certificates
    cert_duration: 168h
Client usage:

    usage: sharkey-client --config=CONFIG [<flags>]

    Flags:
      --help           Show context-sensitive help (also try --help-long and --help-man).
      --config=CONFIG  Path to yaml config file for setup
      --version        Show application version.
Client configuration example:

    # Server address
    request_addr: "https://sharkey-server.example:8080"

    # TLS config for making requests
    # ---
    tls:
      ca: /path/to/ca-bundle.pem
      cert: /path/to/client-certificate.pem
      key: /path/to/client-certificate-key.pem

    # OpenSSH host key (unsigned)
    host_key: /etc/ssh/ssh_host_rsa_key.pub

    # Where to install the signed host certificate
    signed_cert: /etc/ssh/ssh_host_rsa_key_signed.pub

    # Where to install the known_hosts file
    known_hosts: /etc/ssh/known_hosts

    # How often to refresh/request new certificate
    sleep: "24h"
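The file written to `signed_cert` is a standard OpenSSH certificate, so a host can check that it is a host certificate and that it will outlive the next `sleep` interval (24h against a 168h `cert_duration` in the samples above). The following is an added example, not code from the Sharkey project: the function names are hypothetical, the sample certificate is constructed and unsigned, and the code reads the validity fields only, without verifying the CA signature.

```python
import base64
import struct
HOST_CERT = 2  # certificate type field: 1 = user, 2 = host (OpenSSH PROTOCOL.certkeys)
# Length-prefixed public-key fields between the nonce and the serial, per key type.
KEY_FIELDS = {"ssh-rsa-cert-v01@openssh.com": 2, "ssh-ed25519-cert-v01@openssh.com": 1}

def _string(buf, off):  # SSH "string": uint32 length + bytes -> (bytes, next offset)
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_cert(line):
    """Parse the leading fields of a one-line OpenSSH certificate file."""
    name, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    inner, off = _string(blob, 0)
    if inner.decode() != name or name not in KEY_FIELDS:
        raise ValueError("unsupported or inconsistent certificate type")
    for _ in range(1 + KEY_FIELDS[name]):  # skip the nonce and the public key
        _, off = _string(blob, off)
    serial, ctype = struct.unpack_from(">QI", blob, off)
    key_id, off = _string(blob, off + 12)
    plist, off = _string(blob, off)
    principals, p = [], 0
    while p < len(plist):  # principals are packed strings inside one string
        item, p = _string(plist, p)
        principals.append(item.decode())
    after, before = struct.unpack_from(">QQ", blob, off)
    return {"type": ctype, "principals": principals, "after": after, "before": before}

def problems(cert, now, refresh_s):
    """Reasons the certificate is unusable now or will lapse before the next refresh."""
    out = []
    if cert["type"] != HOST_CERT:
        out.append("not a host certificate")
    if not cert["after"] <= now < cert["before"]:
        out.append("outside validity window")
    elif cert["before"] - now < refresh_s:
        out.append("expires before next refresh")
    return out

def sample_cert(ctype, after, before, host="db1.example"):
    """Constructed, unsigned test input: zeroed nonce/key, fields after valid_before omitted."""
    s = lambda b: struct.pack(">I", len(b)) + b
    name = b"ssh-ed25519-cert-v01@openssh.com"
    blob = (s(name) + s(bytes(32)) + s(bytes(32)) + struct.pack(">QI", 1, ctype)
            + s(b"constructed") + s(s(host.encode())) + struct.pack(">QQ", after, before))
    return name.decode() + " " + base64.b64encode(blob).decode()
```

Run `problems(parse_cert(open(path).read()), int(time.time()), 24 * 3600)` against the installed certificate from a monitoring job; a non-empty result means the client has stopped refreshing or the wrong certificate type was installed.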
Sharkey project page
https://github.com/square/sharkey