2016 in review

This is a post of accomplishments from 2016, gathered throughout the year. Some of these will be vague, some quite verbose. I’ll include links to what I can.

SSH CA bastion host

I recently built an SSH CA wrapper script that handles a lot of the bookkeeping around running a CA for SSH. The wrapper works great, but we discussed how we could use it at work to solve the KRL distribution problem. Basically, it comes down to reducing the validity windows of the certificates we issue, which means we need an automatic way to issue certificates. As such, I’d like to introduce SSH-ACME!

SSH-CA: the Essential Guide

This post is a personal request from a colleague who wanted to know the bare minimum needed to work with my ssh-ca script. Once you have the script (self-contained, no need for my entire bashfiles):

ssh-ca setup
ssh-ca sign ~/.ssh/id_rsa
ssh-ca install