diff options
| author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-12 13:48:41 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-12 13:48:41 +0100 |
| commit | ff32ceaae000fbc44eb54bd01fe4b7bd77995b37 (patch) | |
| tree | fb313ee2003da177704ba10c3da9bb7414f22935 /system-profiles/openssh/known-hosts/ca-sign.gup | |
| parent | a7c15eb497d95f04e36ab90d84c37cdde71c8e0e (diff) | |
| download | nixos-ff32ceaae000fbc44eb54bd01fe4b7bd77995b37.tar nixos-ff32ceaae000fbc44eb54bd01fe4b7bd77995b37.tar.gz nixos-ff32ceaae000fbc44eb54bd01fe4b7bd77995b37.tar.bz2 nixos-ff32ceaae000fbc44eb54bd01fe4b7bd77995b37.tar.xz nixos-ff32ceaae000fbc44eb54bd01fe4b7bd77995b37.zip | |
openssh: certificate authority
Diffstat (limited to 'system-profiles/openssh/known-hosts/ca-sign.gup')
| -rw-r--r-- | system-profiles/openssh/known-hosts/ca-sign.gup | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/system-profiles/openssh/known-hosts/ca-sign.gup b/system-profiles/openssh/known-hosts/ca-sign.gup new file mode 100644 index 00000000..512f0e84 --- /dev/null +++ b/system-profiles/openssh/known-hosts/ca-sign.gup | |||
| @@ -0,0 +1,9 @@ | |||
| 1 | #!/usr/bin/env zsh | ||
| 2 | set -eu | ||
| 3 | |||
| 4 | keyFile=${2%"-cert.pub"}.pub | ||
| 5 | principalsFile=${keyFile:h}/host-principals | ||
| 6 | gup -u ${keyFile} ${principalsFile} | ||
| 7 | gup -u expiration | ||
| 8 | |||
| 9 | ssh-keygen -h -Us ../ca/ca.pub -I $(uuidgen) -z $(tai64dec) -V "-1d:$(cat expiration)" -n $(cat ${principalsFile}) -f $1 ${keyFile} \ No newline at end of file | ||