summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLars Wirzenius <liw@liw.fi>2021-08-27 06:31:45 +0000
committerLars Wirzenius <liw@liw.fi>2021-08-27 06:31:45 +0000
commit0a4db253323b6d9c2199f9af6712c31736dbb6e7 (patch)
tree1a6de6bc81f2a80a5c533cf70e1461c5afaf9b6d
parent31b4d0d57efe0acc0ae7323928b3adad3dbff398 (diff)
parent94f6d58e4714df5f65f6daea615da284bac27309 (diff)
downloadsshca-web-0a4db253323b6d9c2199f9af6712c31736dbb6e7.tar.gz
Merge branch 'desc' into 'main'
add a little content to site See merge request larswirzenius/sshca-web!2
-rw-r--r--blog/2021/08/27/welcome.mdwn11
-rw-r--r--index.mdwn20
2 files changed, 27 insertions, 4 deletions
diff --git a/blog/2021/08/27/welcome.mdwn b/blog/2021/08/27/welcome.mdwn
new file mode 100644
index 0000000..8908385
--- /dev/null
+++ b/blog/2021/08/27/welcome.mdwn
@@ -0,0 +1,11 @@
+[[!meta date="Fri, 27 Aug 2021 09:09:46 +0300"]]
+[[!meta title="Project start"]]
+
+I have in recent time learned about [SSH CA][] as a way to make use of
+SSH more convenient, while making it more secure. However, while
+managing an SSH CA instance with just the `ssh-keygen` tool is
+possible, I want more convenient tooling. This project is about
+developing such tooling.
+
+The `sshca` tool will be free and open source software, but I hope to
+offer some paid-for training and support to those who can pay.
diff --git a/index.mdwn b/index.mdwn
index 006e2b4..c89422e 100644
--- a/index.mdwn
+++ b/index.mdwn
@@ -4,15 +4,27 @@
[[Blog]] &mdash;
[[License]]
-sshca is a tool for managing an [SSH CA][].
+The `sshca` tool helps manage an SSH Certificate Authority ([SSH CA][]) and
+create host and user certificates. Such certificates make using and
+administering SSH less tedious and more secure.
-This website will be filled out later.
+An SSH CA is an SSH key dedicated to signing, or certifying, other SSH
+keys. Such a signed key is called a certificate and is used together
+with the private part of the certified key. The certificate is used
+instead of the public key.
+
+SSH clients and servers can be configured to trust certificates made
+by one or more CA keys. This makes it possible for a client to trust a
+server without asking the user to accept the host key for each new
+server. A server can trust a client without having the client's public
+key configured for that user in the `authorized_key` file. This
+simplifies overall key management significantly, but requires creating
+and managing CA keys and certificates.
[SSH CA]: https://liw.fi/sshca
# News
<div class="newslist">
-[[!inline pages="page(blog/*)"
- limit=5 template=titlepage archive=yes trail=no feeds=no]]
+[[!inline pages="page(blog/*)" limit=5 archive=yes trail=no feeds=no]]
</div>