Steven Karas's personal site and blog.
2016 in review Posted on 01 Jan 2017
This is a post of accomplishments from 2016, gathered throughout the year. Some of these will be vague, some quite verbose. I’ll include links to what I can.
SSH CA bastion host Posted on 01 Nov 2016
I recently built a SSH CA wrapper script, that handles a lot of the bookkeeping around running a CA for SSH. The wrapper works great, but we discussed how we could use it at work to solve the KRL distribution problem. Basically, it comes down to reducing the validity windows of the certificates we issue, which means we need an automatic way to issue certificates. As such, I’d like to introduce SSH-ACME!
SSH-CA: the Essential Guide Posted on 15 Oct 2016
This post is a personal request from a colleague who wanted to know the bare minimum needed to work with my ssh-ca script. Once you have the script (self-contained, no need for my entire bashfiles):
ssh-ca setup ssh-ca sign ~/.ssh/id_rsa ssh-ca install email@example.com