authorLars Wirzenius <liw@liw.fi>2021-03-07 09:01:23 +0200
committerLars Wirzenius <liw@liw.fi>2021-03-07 12:25:19 +0200
commit4621b07522564f6a3c1c2ad0484fb88cf0e2ce49 (patch)
tree8f8c33437771322c2c5c2c40d79151320beb2beb /vmadm.md
parenta6f802fda57fc7e951c0374a268de2274718cd9d (diff)
feat: generate SSH key pairs, create host certificates
Diffstat (limited to 'vmadm.md')
-rw-r--r--vmadm.md21
1 files changed, 20 insertions, 1 deletions
diff --git a/vmadm.md b/vmadm.md
index 73b4a52..0ba4f12 100644
--- a/vmadm.md
+++ b/vmadm.md
@@ -42,6 +42,8 @@ default_base_image: base.qcow2
default_image_gib: 5
default_memory_mib: 2048
default_cpus: 1
+default_generate_host_certificate: true
+ca_key: ca_key
authorized_keys:
- .ssh/id_rsa.pub
~~~
@@ -50,14 +52,29 @@ authorized_keys:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChZ6mVuGLBpW7SarFU/Tu6TemquNxatbMUZuTk8RqVtbkvTKeWFZ5h5tntWPHgST8ykYFaIrr8eYuKQkKdBxHW7H8kejTNwRu/rDbRYX5wxTn4jw4RVopGTpxMlGrWeu5CkWPoLAhQtIzzUAnrDGp9sqG6P1G4ohI61wZMFQta9R2uNxXnnes+e2r4Y78GxmlQH/o0ouI8fBnsxRK0IoSfFs2LutO6wjyzR59FdC9TT7wufd5kXMRzxsmPGeXzNcaqvHGxBvRucGFclCkqSRwk3GNEpXZQhlCIoTIoRu0IPAp/430tlx9zJMhhwDlZsOOXRrFYpdWVMSTAAKECLSYx liw@exolobe1
~~~
+~~~{#ca_key .file}
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACABAgbX2ZOvZUO42nZDbKYOaovzfaSH1uiXKjBFydy2igAAAJBWl8ZtVpfG
+bQAAAAtzc2gtZWQyNTUxOQAAACABAgbX2ZOvZUO42nZDbKYOaovzfaSH1uiXKjBFydy2ig
+AAAECD6VUD9Cl/oDBtGumplYGWkbYCWXTFDAb6CaeXyf1ErQECBtfZk69lQ7jadkNspg5q
+i/N9pIfW6JcqMEXJ3LaKAAAADGxpd0BleG9sb2JlMQE=
+-----END OPENSSH PRIVATE KEY-----
+~~~
+
~~~{#ssh_config .file}
host *
- userknownhostsfile=/dev/null
+ userknownhostsfile=ssh/known_hosts
stricthostkeychecking=accept-new
identityfile=.ssh/id_rsa
+ identitiesonly=yes
passwordauthentication=no
~~~
+~~~{#known_hosts .file}
+@cert-authority * ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAECBtfZk69lQ7jadkNspg5qi/N9pIfW6JcqMEXJ3LaK
+~~~
+
# Cloud-init configuration
This scenario verifies that vmadm creates the cloud-init configuration
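Review bot: The smoke scenario can pass without the host certificate ever being checked, because `stricthostkeychecking=accept-new` in the `ssh_config` file lets ssh accept and record a plain host key it has not seen before. The new `userknownhostsfile=ssh/known_hosts` also does not match the path the scenario writes in the last hunk (`given file .ssh/known_hosts from known_hosts`), so the `@cert-authority` line is likely never read. I would use `userknownhostsfile=.ssh/known_hosts` and `stricthostkeychecking=yes`, so that the login succeeds only when the host presents a certificate signed by the test CA. The embedded `ca_key` is a private key published in the repository; a sentence in the text saying it is a throwaway test key that must never serve as a real CA would help, since the `@cert-authority *` pattern trusts it for every host name.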
@@ -129,9 +146,11 @@ given an installed vmadm
given a Debian 10 OpenStack cloud image
given file smoke.yaml
given file config.yaml
+given file ca_key
given file .ssh/id_rsa from ssh_key
given file .ssh/id_rsa.pub from ssh_key_pub
given file .ssh/config from ssh_config
+given file .ssh/known_hosts from known_hosts
when I invoke vmadm new --config config.yaml smoke.yaml
when I invoke ssh -F .ssh/config debian@smoke hostname
then stdout contains "smoke"