Constants
const (
// ServerName is the name that the CA client expects to find the server at.
ServerName = "CA"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type CertificateType
type CertificateType bool
CertificateType represents the type of the certificate in the request
const (
	// HostCertificate represents an SSH host certificate
	HostCertificate CertificateType = true
	// UserCertificate represents an SSH user certificate
	UserCertificate CertificateType = false
)
func (CertificateType) Args (added in v1.1.1)
func (ct CertificateType) Args() []string
Args converts the CertificateType into ssh-keygen args.
func (CertificateType) String
func (ct CertificateType) String() string
String implementation for Stringer.
type Client
Client wraps rpc.Client and provides functions to call the SSH CA RPCs.
func (Client) GetCAPublicKey
func (c Client) GetCAPublicKey() (*PublicKeyReply, error)
GetCAPublicKey represents the GetCAPublicKey RPC call
type PublicKey (added in v1.1.0)
type PublicKey struct {
	Data []byte
	// contains filtered or unexported fields
}
PublicKey is a wrapper around an ssh.PublicKey which uses the file representation, rather than the wire representation.
func NewPublicKey (added in v1.1.0)
NewPublicKey creates a new PublicKey from a file.
func (*PublicKey) Fingerprint (added in v1.1.0)
Fingerprint returns the SHA256 fingerprint of the public key.
type PublicKeyReply
type PublicKeyReply struct {
CAPublicKey *PublicKey
}
PublicKeyReply encapsulates the public key of the CA and represents the value of GetCAPublicKey.
type Server
type Server struct {
	// PrivateKeyPath is the path to the private key for the CA.
	// This is never read by the program, but rather used as an argument for
	// ssh-keygen.
	PrivateKeyPath string

	// PublicKey is the public key of the CA.
	// This is read into the server on startup in order to respond to
	// GetCAPublicKey.
	PublicKey *PublicKey

	// True iff confirmation should be skipped when responding to SignPublicKey.
	SkipConfirmation bool
	// contains filtered or unexported fields
}
Server encapsulates an SSH CA and provides a net/rpc compatible type signature. It exposes functions to sign public keys and return the public CA certificate.
func NewServer
NewServer constructs a CAServer using the paths to an SSH CA private key and public key. If publicKeyPath is the empty string, it is inferred from the privateKeyPath.
func (Server) GetCAPublicKey
func (ca Server) GetCAPublicKey(args struct{}, reply *PublicKeyReply) error
GetCAPublicKey returns the public key of the trusted CA
type SignArgs
type SignArgs struct {
	// Identity is passed as the argument to -I in ssh-keygen.
	Identity string

	// CertificateType represents the type of certificate to be generated. If it's a host
	// certificate, then -h is passed to ssh-keygen.
	CertificateType CertificateType

	// Principals is passed as the argument to -n to ssh-keygen.
	Principals []string

	// PublicKey contains the regular SSH public key that is being signed.
	PublicKey *PublicKey
}
SignArgs represents the options available (or at least an important subset of them) when generating the command line.
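The SignArgs comments above describe how each field becomes an ssh-keygen argument. The following is an added example, not the package's own code, showing one way a server could validate those caller-supplied fields and build the argument vector before handing it to ssh-keygen. The names signRequest, safeToken and buildKeygenArgs, the allow-list, and the sample paths are assumptions of this example; -s is ssh-keygen's flag for the CA key.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// signRequest is a local stand-in for the documented SignArgs fields
// (hypothetical type, not the package's own).
type signRequest struct {
	Identity   string   // becomes the -I argument
	Host       bool     // true adds -h (host certificate)
	Principals []string // joined with "," for -n
}

// safeToken is an assumed allow-list: no commas (ssh-keygen splits -n on
// them), no whitespace, no leading dash.
var safeToken = regexp.MustCompile(`^[A-Za-z0-9_.@][A-Za-z0-9_.@-]*$`)

// buildKeygenArgs returns the ssh-keygen argument vector for one signing
// request, or an error if a caller-supplied field fails validation.
func buildKeygenArgs(caKeyPath, pubKeyPath string, r signRequest) ([]string, error) {
	if !safeToken.MatchString(r.Identity) {
		return nil, errors.New("identity rejected")
	}
	if len(r.Principals) == 0 {
		// Policy assumed by this example: always name the principals.
		return nil, errors.New("at least one principal required")
	}
	for _, p := range r.Principals {
		if !safeToken.MatchString(p) {
			return nil, fmt.Errorf("principal %q rejected", p)
		}
	}
	args := []string{"-s", caKeyPath, "-I", r.Identity}
	if r.Host {
		args = append(args, "-h")
	}
	return append(args, "-n", strings.Join(r.Principals, ","), pubKeyPath), nil
}

func main() {
	// Constructed sample request and paths.
	req := signRequest{Identity: "web01", Host: true, Principals: []string{"web01.example.com"}}
	fmt.Println(buildKeygenArgs("/etc/ssh/ca_key", "/tmp/host_key.pub", req))
}
```

Passing the returned slice to exec.Command keeps each value a separate argument, so no shell parsing is involved.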