diff options
author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-10-07 09:51:59 -0400 |
---|---|---|
committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2013-10-07 09:51:59 -0400 |
commit | 45863fb1d059b420fef3739acb75e15d234f30e3 (patch) | |
tree | 79af358133fbb32179b3ee9e51fb761c863dda31 /doc | |
parent | 57aa79fa5acf676694e6d653d9d04753383723fb (diff) | |
download | bcfg2-45863fb1d059b420fef3739acb75e15d234f30e3.tar.gz bcfg2-45863fb1d059b420fef3739acb75e15d234f30e3.tar.bz2 bcfg2-45863fb1d059b420fef3739acb75e15d234f30e3.zip |
SSHbase: support encryption of generated ssh keys
Diffstat (limited to 'doc')
-rw-r--r-- | doc/server/plugins/generators/sshbase.txt | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/doc/server/plugins/generators/sshbase.txt b/doc/server/plugins/generators/sshbase.txt index 2b6c8640b..641b9c598 100644 --- a/doc/server/plugins/generators/sshbase.txt +++ b/doc/server/plugins/generators/sshbase.txt @@ -160,6 +160,17 @@ in order to permit :ref:`pulling with bcfg2-admin <server-admin-pull>`. You should almost certainly set ``sensitive`` to "true" in ``info.xml``. +Encryption +========== + +SSHbase can optionally encrypt the private keys that it generates. To +enable this feature, set the ``passphrase`` option in the +``[sshbase]`` section of ``bcfg2.conf`` to the name of the passphrase +that should be used to encrypt all SSH keys. (The passphrases are +enumerated in the ``[encryption]`` section.) See +:ref:`server-encryption` for more details on Bcfg2 encryption in +general. + Blog post ========= |