The signmykey from hammerz3it

Signmykey is an automated SSH Certificate Authority. It allows you to securely and centrally manage SSH accesses to your infrastructure.

Three types of backends are supported by Signmykey:

Authenticator: users can be authenticated through different systems like LDAP or Local map.
Principals: list of principals applied to SSH certificates can be created dynamically from LDAP groups or set statically in local config.
Signer: cryptographic signing operations of SSH certificates can be done directly by Signmykey or via Hashicorp Vault.

Install

Manual

Download signmykey zip file (ex: on 64bits linux):

curl -Lo signmykey https://github.com/signmykeyio/signmykey/releases/download/v0.5.1/signmykey_linux_amd64

Install it in your PATH:

chmod +x signmykey && sudo mv signmykey /usr/bin/

APT

Ensure you have curl and gpg

sudo apt update && sudo apt install ca-certificates curl gnupg

Add Signmykey GPG to your APT truststore

curl https://gpg.signmykey.io/signmykey.pub | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/signmykey.gpg

Add Signmykey repository

echo 'deb [signed-by=/etc/apt/trusted.gpg.d/signmykey.gpg] https://apt.signmykey.io stable main' | sudo tee /etc/apt/sources.list.d/signmykey.list

Install Signmykey package

sudo apt update && sudo apt install signmykey

YUM

Add Signmykey repository

echo "[signmykey]
name=Signmykey repo
baseurl=https://rpm.signmykey.io/
enabled=1
gpgcheck=0
repo_gpgcheck=1
gpgkey=https://gpg.signmykey.io/signmykey.pub" > /etc/yum.repos.d/signmykey.repo

Install Signmykey package

sudo yum install signmykey

Quickstart

Start server in dev mode (replace myremoteuser by the name of the user you want to connect on remote server):

signmykey server dev -u myremoteuser

Follow "Server side" instructions displayed by previous command, ex:

### Server side                                                                                                                                                                        
                                                                                                                                                                                       
An ephemeral certificate authority is created for this instance and will die with it.                                                                                                  
To deploy this CA on destination servers, you can launch this command:                                                                                                                 
                                                                                                                                                                                       
        $ echo "ssh-rsa fakeCApubKey" > /etc/ssh/ca.pub

You then have to add this line to "/etc/ssh/sshd_config" and restart OpenSSH server:

        TrustedUserCAKeys /etc/ssh/ca.pub

Follow "Client side" instructions, ex:

### Client side

A temporary user is created with this parameters:

        user: myremoteuser
        password: fakepassword
        principals: myremoteuser

You can sign your key with this command:

        $ signmykey -a http://127.0.0.1:9600/ -u myremoteuser

Congrats \o/

Documentation

Documentation is available at https://signmykey.io/

hammerz3it / signmykey Goto Github PK

signmykey's Introduction

Install

Manual

APT

YUM

Quickstart

Documentation

signmykey's People

Contributors

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent