From fd65f9f9d444e55748b447411ecd84ba6f3699d7 Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Thu, 15 Sep 2022 21:22:52 +0300 Subject: fix for new Subplot, drop obsolete sshca Sponsored-by: author --- sshca.md | 100 --------------------------------------------------------------- 1 file changed, 100 deletions(-) delete mode 100644 sshca.md (limited to 'sshca.md') diff --git a/sshca.md b/sshca.md deleted file mode 100644 index 85a981c..0000000 --- a/sshca.md +++ /dev/null 
@@ -1,100 +0,0 @@ -# Abstract - -This is a sketch of an idea for a little command line tool for -managing SSH CA keys and making certificates. - -# SSH CA - -An SSH CA is an SSH key used to certify host and user keys. When a -host key is certificate, each user can configure their SSH client to -trust a host certificated made with a known CA key. They then only -ever need to verify that the CA key is valid, rather than every new -host key. The host certificate can specify the host name that it's -valid for. - -Similarly, a sysadmin can configure their SSH server to trust user -certificate made with a CA key. The user certificate specifies which -user account on the server it's valid for. This means the user doesn't -need to have a password so they can log in once to add their SSH -public key to their `authorized_keys` file on the server. - - -# `sshca` the command line tool - -`sshca` is a command line tool for managing SSH CA keys and making -certificates. It's a wrapper around the `ssh-keygen` tool that aims to -be easier to use and harder to misuse. - -Each certificate has an automatically chosen serial number. `sshca` -keeps track of the serial numbers that have been used. - -Certificates can optionally have a validity period (valid from a time, -and until a time). The period may be open ended. - - - - -## Generate an SSH CA key - -To generate a new SSH CA key pair and give is a short name: - -```sh -$ sshca generate NAME -``` - -The key pair will be stored in `~/.ssh/sshca` and will by default be -of type `ed25519` (elliptic curve), for higher security and smaller -key size. The type can be specified with an option. - - -## List existing SSH CA keys - -To list SSH CA keys: - -```sh -$ sshca list -default ed25519 .... -``` - -This lists all the keys in the `~/.ssh/sshca` directory. - - -## Removing an SSH CA key - -To remove an SSH CA key: - -```sh -$ sshca remove-key NAME -``` - -This removes the named key from the `~/.ssh/sshca` directory. 
- - -## Create a host certificate - -To create a host certificate: - -```sh -$ sshca cert-host KEYNAME HOSTPUB HOSTNAME > FILENAME -``` - -This create a host certificate using a named SSH CA key, for a given -host public key, and ties it a given host name. The certificate is -written to the standard output, and can be redirected to a file as -usual on the command line. - - -## Create a user certificate - -To create a user certificate: - -```sh -$ ssh ca cert-user KEYNAME USERPUB USERNAME > FILENAME -``` - -Similar to a host certificate, but for a user. - - ---- -title: SSH CA helper -... -- cgit v1.2.1
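Review bot: the subject line names two changes ("fix for new Subplot" and "drop obsolete sshca") but the diff stat shows only `sshca.md` removed (1 file changed, 100 deletions, delete mode 100644), so the Subplot fix is either in another commit or missing from this one; either narrow the subject to "drop obsolete sshca sketch" or add the Subplot change to this commit. The body should also say what made the sketch obsolete (whether the `sshca` idea was abandoned or the design moved elsewhere), since the deleted file was the only description of the `sshca generate`, `list`, `remove-key`, `cert-host` and `cert-user` interface and a reader of the history otherwise cannot tell whether the CA-key and serial-number handling it described is still planned.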