#!/usr/bin/python3
import argparse
import yaml
import sys
from subprocess import run, PIPE
# CA name used for `sshca host certify --ca ...` when --host-ca is not given.
DEFAULT_HOST_CA = "liw.fi/ca/host/v5"
# CA name whose public key is fetched with `sshca ca public-key` when
# --user-ca is not given.
DEFAULT_USER_CA = "liw.fi/ca/user/v5"
class HostId:
    """Hold the three values that make up a host's SSH identity.

    The fields start as ``None`` and are filled in through the setters:
    the user CA public key, the host key and the host certificate.

    Note that ``host_key`` is filled from ``sshca host private-key`` by this
    script, so an instance (and anything produced by ``to_dict``) should be
    handled as secret material.
    """

    def __init__(self):
        # All three parts are unknown until the setters are called.
        self.user_ca_pubkey = self.host_key = self.host_cert = None

    def set_user_ca_pubkey(self, value):
        """Store the user CA public key."""
        self.user_ca_pubkey = value

    def set_host_key(self, value):
        """Store the host key."""
        self.host_key = value

    def set_host_cert(self, value):
        """Store the host certificate."""
        self.host_cert = value

    def to_dict(self):
        """Return the identity as a plain dict, ready for serialisation.

        Keys appear in the order user_ca_pubkey, host_key, host_cert.
        """
        return dict(
            user_ca_pubkey=self.user_ca_pubkey,
            host_key=self.host_key,
            host_cert=self.host_cert,
        )
def sshca(args):
    """Run the ``sshca`` command-line tool and return its trimmed stdout.

    Args:
        args: list of argument strings placed after the program name.

    Returns:
        The tool's standard output, decoded and with surrounding
        whitespace removed.

    Raises:
        subprocess.CalledProcessError: if ``sshca`` exits non-zero
            (``check=True``).
    """
    # An argument vector is passed, not a shell string, so no shell parses
    # the values. They still reach sshca's own option parser unchanged.
    command = ["sshca"] + args
    # stderr is captured along with stdout; on failure it is only available
    # on the raised exception's ``stderr`` attribute.
    completed = run(command, capture_output=True, check=True)
    output = completed.stdout.decode()
    return output.strip()
def user_ca_pubkey(ca_name):
    """Return the output of ``sshca ca public-key <ca_name>``, stripped.

    Args:
        ca_name: name of the CA as known to sshca.
    """
    public_key = sshca(["ca", "public-key", ca_name])
    return public_key.strip()
def host_key(hostname):
    """Regenerate the host's key in sshca and return ``host private-key`` output.

    Every call first runs ``sshca host regenerate <hostname>``, so whatever
    key sshca held for the host before the call is not what gets returned.
    The return value is the output of the ``private-key`` subcommand and
    should be treated as a secret: do not log it.

    Args:
        hostname: host name as known to sshca.
    """
    # NOTE(review): hostname is passed as a bare positional argument; a value
    # beginning with "-" would presumably be read by sshca as an option.
    # Confirm callers only supply validated host names.
    sshca(["host", "regenerate", hostname])
    private_key = sshca(["host", "private-key", hostname])
    return private_key.strip()
def host_cert(ca_name, hostname):
    """Return the output of ``sshca host certify --ca <ca_name> <hostname>``.

    Args:
        ca_name: name of the host CA that sshca should certify with.
        hostname: host name as known to sshca.
    """
    certify_args = ["host", "certify", "--ca", ca_name, hostname]
    certificate = sshca(certify_args)
    return certificate.strip()
def main():
    """Build a host identity with sshca and write it to stdout as YAML.

    Command-line options:
        --hostname  (required) host to create the identity for
        --host-ca   CA used to certify the host key (default DEFAULT_HOST_CA)
        --user-ca   CA whose public key is included (default DEFAULT_USER_CA)
    """
    cli = argparse.ArgumentParser()
    cli.add_argument("--hostname", required=True)
    cli.add_argument("--host-ca", default=DEFAULT_HOST_CA)
    cli.add_argument("--user-ca", default=DEFAULT_USER_CA)
    opts = cli.parse_args()

    identity = HostId()
    identity.set_user_ca_pubkey(user_ca_pubkey(opts.user_ca))
    # Keep this order: host_key() regenerates the key, and the certificate
    # requested next is presumably issued for that fresh key.
    identity.set_host_key(host_key(opts.hostname))
    identity.set_host_cert(host_cert(opts.host_ca, opts.hostname))

    # The document written here contains the host's private key. Redirect
    # stdout to a file with restrictive permissions, not to a shared log
    # or terminal scrollback.
    yaml.safe_dump(identity.to_dict(), stream=sys.stdout, indent=4)


if __name__ == "__main__":
    main()