diff options
| -rw-r--r-- | Makefile | 14 | ||||
| -rw-r--r-- | licence-arithmetic.md | 4 | ||||
| -rw-r--r-- | licence-arithmetic.subplot | 3 | ||||
| -rw-r--r-- | sshca.md | 100 | ||||
| -rw-r--r-- | test.html | 10 |
5 files changed, 9 insertions, 122 deletions
@@ -1,15 +1,13 @@ -sources = $(wildcard *.md) -htmls = $(sources:.md=.html) -pdfs = $(sources:.md=.pdf) +sources = $(wildcard *.subplot) +htmls = $(sources:.subplot=.html) +pdfs = $(sources:.subplot=.pdf) -.SUFFIXES: .md .html .pdf +.SUFFIXES: .subplot .html .pdf -.md.html: +.subplot.html: subplot docgen --output $@ $< -.md.pdf: +.subplot.pdf: subplot docgen --output $@ $< all: $(htmls) $(pdfs) - -rethinking-email.pdf rethinking-email.html: rethinking-email.md email.bib diff --git a/licence-arithmetic.md b/licence-arithmetic.md index 05bd9a7..887c34b 100644 --- a/licence-arithmetic.md +++ b/licence-arithmetic.md @@ -1,7 +1,3 @@ ---- -title: Licence arithmetic -... - Combining code from different sources in a free or open source software project requires making sure that the licences of each component are compatible. As an example, the GNU General Public diff --git a/licence-arithmetic.subplot b/licence-arithmetic.subplot new file mode 100644 index 0000000..7cc774f --- /dev/null +++ b/licence-arithmetic.subplot @@ -0,0 +1,3 @@ +title: Licence arithmetic +markdowns: + - licence-arithmetic.md diff --git a/sshca.md b/sshca.md deleted file mode 100644 index 85a981c..0000000 --- a/sshca.md +++ /dev/null @@ -1,100 +0,0 @@ -# Abstract - -This is a sketch of an idea for a little command line tool for -managing SSH CA keys and making certificates. - -# SSH CA - -An SSH CA is an SSH key used to certify host and user keys. When a -host key is certificate, each user can configure their SSH client to -trust a host certificated made with a known CA key. They then only -ever need to verify that the CA key is valid, rather than every new -host key. The host certificate can specify the host name that it's -valid for. - -Similarly, a sysadmin can configure their SSH server to trust user -certificate made with a CA key. The user certificate specifies which -user account on the server it's valid for. This means the user doesn't -need to have a password so they can log in once to add their SSH -public key to their `authorized_keys` file on the server. - - -# `sshca` the command line tool - -`sshca` is a command line tool for managing SSH CA keys and making -certificates. It's a wrapper around the `ssh-keygen` tool that aims to -be easier to use and harder to misuse. - -Each certificate has an automatically chosen serial number. `sshca` -keeps track of the serial numbers that have been used. - -Certificates can optionally have a validity period (valid from a time, -and until a time). The period may be open ended. - - - - -## Generate an SSH CA key - -To generate a new SSH CA key pair and give is a short name: - -```sh -$ sshca generate NAME -``` - -The key pair will be stored in `~/.ssh/sshca` and will by default be -of type `ed25519` (elliptic curve), for higher security and smaller -key size. The type can be specified with an option. - - -## List existing SSH CA keys - -To list SSH CA keys: - -```sh -$ sshca list -default ed25519 .... -``` - -This lists all the keys in the `~/.ssh/sshca` directory. - - -## Removing an SSH CA key - -To remove an SSH CA key: - -```sh -$ sshca remove-key NAME -``` - -This removes the named key from the `~/.ssh/sshca` directory. - - -## Create a host certificate - -To create a host certificate: - -```sh -$ sshca cert-host KEYNAME HOSTPUB HOSTNAME > FILENAME -``` - -This create a host certificate using a named SSH CA key, for a given -host public key, and ties it a given host name. The certificate is -written to the standard output, and can be redirected to a file as -usual on the command line. - - -## Create a user certificate - -To create a user certificate: - -```sh -$ ssh ca cert-user KEYNAME USERPUB USERNAME > FILENAME -``` - -Similar to a host certificate, but for a user. - - ---- -title: SSH CA helper -... diff --git a/test.html b/test.html deleted file mode 100644 index 554098f..0000000 --- a/test.html +++ /dev/null @@ -1,10 +0,0 @@ -<doctype html> -<html> - <head> - <title>Test</title> - </head> - <body> - <h1>Title</h1> - <p>This is a test.</p> - </body> -</html> |