From 4621b07522564f6a3c1c2ad0484fb88cf0e2ce49 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius
Date: Sun, 7 Mar 2021 09:01:23 +0200
Subject: feat: generate SSH key pairs, create host certificates
---
 vmadm.md | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)
(limited to 'vmadm.md')
diff --git a/vmadm.md b/vmadm.md
index 73b4a52..0ba4f12 100644
--- a/vmadm.md
+++ b/vmadm.md
@@ -42,6 +42,8 @@ default_base_image: base.qcow2
 default_image_gib: 5
 default_memory_mib: 2048
 default_cpus: 1
+default_generate_host_certificate: true
+ca_key: ca_key
 authorized_keys:
 - .ssh/id_rsa.pub
 ~~~
@@ -50,14 +52,29 @@ authorized_keys:
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChZ6mVuGLBpW7SarFU/Tu6TemquNxatbMUZuTk8RqVtbkvTKeWFZ5h5tntWPHgST8ykYFaIrr8eYuKQkKdBxHW7H8kejTNwRu/rDbRYX5wxTn4jw4RVopGTpxMlGrWeu5CkWPoLAhQtIzzUAnrDGp9sqG6P1G4ohI61wZMFQta9R2uNxXnnes+e2r4Y78GxmlQH/o0ouI8fBnsxRK0IoSfFs2LutO6wjyzR59FdC9TT7wufd5kXMRzxsmPGeXzNcaqvHGxBvRucGFclCkqSRwk3GNEpXZQhlCIoTIoRu0IPAp/430tlx9zJMhhwDlZsOOXRrFYpdWVMSTAAKECLSYx liw@exolobe1
 ~~~
+~~~{#ca_key .file}
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACABAgbX2ZOvZUO42nZDbKYOaovzfaSH1uiXKjBFydy2igAAAJBWl8ZtVpfG
+bQAAAAtzc2gtZWQyNTUxOQAAACABAgbX2ZOvZUO42nZDbKYOaovzfaSH1uiXKjBFydy2ig
+AAAECD6VUD9Cl/oDBtGumplYGWkbYCWXTFDAb6CaeXyf1ErQECBtfZk69lQ7jadkNspg5q
+i/N9pIfW6JcqMEXJ3LaKAAAADGxpd0BleG9sb2JlMQE=
+-----END OPENSSH PRIVATE KEY-----
+~~~
+
 ~~~{#ssh_config .file}
 host *
- userknownhostsfile=/dev/null
+ userknownhostsfile=ssh/known_hosts
 stricthostkeychecking=accept-new
 identityfile=.ssh/id_rsa
+ identitiesonly=yes
 passwordauthentication=no
 ~~~
+~~~{#known_hosts .file}
+@cert-authority * ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAECBtfZk69lQ7jadkNspg5qi/N9pIfW6JcqMEXJ3LaK
+~~~
+
 # Cloud-init configuration
 This scenario verifies that vmadm creates the cloud-init configuration
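Review bot: The `ssh_config` fixture sets `userknownhostsfile=ssh/known_hosts`, but the scenario hunk further down creates the file with `given file .ssh/known_hosts from known_hosts`, so as written the `@cert-authority` line does not appear to be the file ssh reads. Because `stricthostkeychecking=accept-new` is kept, ssh would then accept whatever host key the VM presents on first contact, and the smoke test can pass without the host certificate ever being checked. I would change the two lines to `userknownhostsfile=.ssh/known_hosts` and `stricthostkeychecking=yes`, so the login succeeds only when the host presents a certificate signed by the test CA. The embedded `ca_key` is an unencrypted private key that is now public in the repository; a sentence above that block saying it is a throwaway key for this scenario only, and must not be reused as a real CA, would be worth adding.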
@@ -129,9 +146,11 @@ given an installed vmadm
 given a Debian 10 OpenStack cloud image
 given file smoke.yaml
 given file config.yaml
+given file ca_key
 given file .ssh/id_rsa from ssh_key
 given file .ssh/id_rsa.pub from ssh_key_pub
 given file .ssh/config from ssh_config
+given file .ssh/known_hosts from known_hosts
 when I invoke vmadm new --config config.yaml smoke.yaml
 when I invoke ssh -F .ssh/config debian@smoke hostname
 then stdout contains "smoke"
--
cgit v1.2.1