  1. Modules
  2. MODULES-7593

sshkey: add support for "markers" / SSHCA

    Details

    • Type: New Feature
    • Status: Accepted
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: sshkeys_core
    • Labels:
    • Template:
    • Acceptance Criteria:
      • Type sshkey accepts a new property for key markers with the allowed options of ['@cert-authority', '@revoked']
      • Specifying the field results in an authorized_host line prefixed with the marker
    • Team:
      Coremunity

      Description

      OpenSSH has support for so-called "SSH Certificates" for both host keys and user keys, so a host can be verified by validating a certain SSH certificate.

      The sshkey resource does not yet support managing allowed CAs in ssh_known_hosts, because technically it is realized with markers before the host aliases (similar to options in ssh_authorized_keys).

      So to realize this feature request one would have to add a new property "markers" (as it is called in the sshd manpage) or "options" (which would be consistent with the similar parameter in ssh_authorized_key) and allow the values @cert-authority and @revoked.

      As it stands now, it's not possible to manage SSH CA keys with Puppet (except by managing known_hosts with a file resource).
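
      The known_hosts line layout the request depends on, as an added example that is not part of the original ticket or the sshkeys_core module. It assumes the field order documented in sshd(8) (optional marker, hostnames, key type, base64 key, optional comment); the helper names and the sample key blobs are hypothetical placeholders.

```ruby
# Added example: hypothetical helpers, not code from sshkeys_core.
# known_hosts fields per sshd(8): [marker] hostnames keytype base64-key [comment]
ALLOWED_MARKERS = ['@cert-authority', '@revoked'].freeze

KnownHostsEntry = Struct.new(:marker, :hosts, :type, :key, :comment)

# Parse one known_hosts line; returns nil for blank lines and comments.
def parse_known_hosts_line(line)
  text = line.strip
  return nil if text.empty? || text.start_with?('#')

  fields = text.split(/\s+/)
  marker = nil
  if fields.first.start_with?('@')
    marker = fields.shift
    # Reject unknown markers instead of mistaking them for a host pattern.
    raise ArgumentError, "unsupported marker: #{marker}" unless ALLOWED_MARKERS.include?(marker)
  end
  raise ArgumentError, "too few fields: #{text}" if fields.length < 3

  hosts, type, key = fields.shift(3)
  comment = fields.empty? ? nil : fields.join(' ')
  KnownHostsEntry.new(marker, hosts.split(','), type, key, comment)
end

# Render an entry back to a line, prefixing the marker when one is set.
def render_known_hosts_line(entry)
  unless entry.marker.nil? || ALLOWED_MARKERS.include?(entry.marker)
    raise ArgumentError, "unsupported marker: #{entry.marker}"
  end
  [entry.marker, entry.hosts.join(','), entry.type, entry.key, entry.comment].compact.join(' ')
end

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE_KNOWN_HOSTS = <<~HOSTS
  # constructed sample
  @cert-authority *.example.com ssh-ed25519 AAAAPLACEHOLDERCAKEY host CA
  @revoked * ssh-rsa AAAAPLACEHOLDERREVOKEDKEY
  web1.example.com,192.0.2.10 ssh-ed25519 AAAAPLACEHOLDERHOSTKEY
HOSTS

# Group parsed entries by marker (nil means an ordinary host key line).
def entries_by_marker(text)
  text.each_line.map { |l| parse_known_hosts_line(l) }.compact.group_by(&:marker)
end

entries_by_marker(SAMPLE_KNOWN_HOSTS).each do |marker, entries|
  puts "#{marker || '(plain)'}: #{entries.map { |e| e.hosts.join(',') }.join(' ')}"
end
```

      A line with no marker parses with a nil marker and renders without a prefix, so existing entries are unaffected by the extra field.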

              People

              • Assignee:
                Unassigned
                Reporter:
                aptituz Patrick Schoenfeld