This document tries to find a way to get rid of authorized_keys file.
Certificates may be used for user (auth user to serv) or host authentication
(auth servers to users).
Certificate has a public key, identity information, zero or more principal
(user or host) names and a set of options signed by CA key.
Generate a user certificate:
ssh-keygen -f ~/.ssh/key1
ssh-keygen -s CA.key -I key_id ~/.ssh/key1.pub
Output will be in ~/.ssh/key1-cert.pub
ssh-keygen -f ~/ssh/host1
ssh-keygen -s CA.key -I key_id -h ~/.ssh/host1.pub
Output will be in ~/.ssh/host1-cert.pub
Lets see how we generate CA.key. Seems that is a normal key, but, in
authorized_keys file is marked with option cert-authority.
Create a user (A).
Create a CA key.
Add it to authorized_keys file and mark it as cert-authority.
Generate a key for a connection user (B) and sign it with the CA key.
Add the cert to B's ~/.ssh/
Try to connect with user B to userA@host.
Seems we can specify "-z serial" to ssh-keygen. But ssh-keygen crashes.
- How to revoke a key?
- Seems the key_id is not exported in environment. :(
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://code.reversed.top/user/xaizek/rocketgit
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://firstname.lastname@example.org/user/xaizek/rocketgit
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a
... clone the repository ...
... make some changes and some commits ...
git push origin master