...
- -g
- This takes a GitHub user name as an argument and generates a certificate for each key stored in GitHub.
- -f
- Instead of the GitHub user name, one can provide a file that contains all the keys.
- Nevertheless, the flag '-g' is still needed as the certificate holder's name.
- -V
- Sets the validity interval of a certificate.
- By default, a certificate is valid for seven days.
- More information can be found here: https://man.openbsd.org/ssh-keygen#V (validity_interval)
- -n
- This flag restricts the certificate to a list of principals that the client is allowed to log in as.
...
- -I
- This takes the HOST_ID of the server.
- -f
- The file that contains all the keys.
- -V
- Sets the validity interval of a certificate.
- By default, a certificate is valid for one year.
- More information can be found here: https://man.openbsd.org/ssh-keygen#V (validity_interval)
- -n
- This flag restricts the certificate to a list of principals that the host is known by.
The output of 'generate_host_certificate.sh' is the certificate 'HOST_ID-cert.pub' that needs to be copied to the host. It is stored in the home directory '$HOME/.signed_keys'.
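To see what the host flags above produce, the following added example (not the project's 'generate_host_certificate.sh') signs a constructed host key with plain ssh-keygen and then checks the certificate type, key ID, principals and signing CA before it would be copied to a host. It assumes -I, -n and -V are passed through to the ssh-keygen options of the same name, and it uses a throwaway file-based CA instead of the CA setup this page prepares; the function names, paths and sample values are hypothetical.

```sh
#!/bin/sh
# Added example: throwaway file-based demo CA, not this page's CA setup.

# sign_host_key DIR HOST_ID PRINCIPALS VALIDITY
# Creates a demo CA and a demo host key in DIR, signs the host key and
# prints the certificate path (DIR/HOST_ID-cert.pub).
sign_host_key() (
    dir=$1 host_id=$2 principals=$3 validity=$4
    # Constructed demo keys without passphrase; never do this with a real CA.
    ssh-keygen -q -t ed25519 -N '' -C demo-ca -f "$dir/ca" || exit 1
    ssh-keygen -q -t ed25519 -N '' -C "$host_id" -f "$dir/$host_id" || exit 1
    # -h: host certificate, -I: key ID, -n: principals, -V: validity interval
    ssh-keygen -q -s "$dir/ca" -h -I "$host_id" -n "$principals" \
        -V "$validity" "$dir/$host_id.pub" || exit 1
    printf '%s\n' "$dir/$host_id-cert.pub"
)

# check_host_cert CERT CA_PUB HOST_ID PRINCIPAL
# Succeeds only if CERT is a host certificate signed by the CA in CA_PUB,
# carries HOST_ID as key ID and lists PRINCIPAL.
check_host_cert() (
    cert=$1 ca_pub=$2 host_id=$3 principal=$4
    info=$(ssh-keygen -L -f "$cert") || exit 1
    ca_fp=$(ssh-keygen -l -f "$ca_pub" | awk '{print $2}')
    [ -n "$ca_fp" ] || exit 1
    # A user certificate must never be accepted as a host certificate.
    printf '%s\n' "$info" | grep -q 'Type: .* host certificate' || exit 1
    printf '%s\n' "$info" | grep 'Signing CA:' | grep -qF "$ca_fp" || exit 1
    printf '%s\n' "$info" | grep -qF "Key ID: \"$host_id\"" || exit 1
    # Principals are printed one per line between these two headers.
    printf '%s\n' "$info" | awk -v p="$principal" '
        /Principals:/       { in_list = 1; next }
        /Critical Options:/ { in_list = 0 }
        in_list && $1 == p  { found = 1 }
        END                 { exit !found }'
)
```

Running check_host_cert against the real 'HOST_ID-cert.pub' and the real CA public key catches a wrong principal list or a certificate of the wrong type before the host presents it to clients.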
Prepare CA
Prepare Yubikey
...