author: Dmitri Iouchtchenko <johnnyspoon@gmail.com> 2016-08-31 13:53:12 -0400
committer: Dmitri Iouchtchenko <johnnyspoon@gmail.com> 2016-08-31 13:53:12 -0400
commit: 71c01e6ffe7c8f418e0a87bb30f5b1b7df2f882c
tree: d498b06e98a2a78fe217534e66b073bb97fe1d6f /doc
parent: 815f6971170fc68c724f7b0fb748e3d9336b54e6
doc: Mention support for Ed25519 in SSHbase
It has been possible to generate Ed25519 keys since commit 30a2bae0a92e8ba75fc10cc6eba4a6dddcecd2b6.
Diffstat (limited to 'doc')
-rw-r--r-- doc/appendix/guides/import-existing-ssh-keys.txt 7
-rw-r--r-- doc/server/plugins/generators/sshbase.txt 31
2 files changed, 21 insertions, 17 deletions
diff --git a/doc/appendix/guides/import-existing-ssh-keys.txt b/doc/appendix/guides/import-existing-ssh-keys.txt
index 4e2282044..225844448 100644
--- a/doc/appendix/guides/import-existing-ssh-keys.txt
+++ b/doc/appendix/guides/import-existing-ssh-keys.txt
@@ -40,9 +40,12 @@ files explicity:
<!-- requires a version of openssh that can generate ecdsa keys -->
<Path name="/etc/ssh/ssh_host_ecdsa_key"/>
<Path name="/etc/ssh/ssh_host_ecdsa_key.pub"/>
+ <!-- requires a version of openssh that can generate ed25519 keys -->
+ <Path name="/etc/ssh/ssh_host_ed25519_key"/>
+ <Path name="/etc/ssh/ssh_host_ed25519_key.pub"/>
<Path name='/etc/ssh/ssh_host_dsa_key'/>
- <Path name='/etc/ssh/ssh_host_rsa_key'/>
<Path name='/etc/ssh/ssh_host_dsa_key.pub'/>
+ <Path name='/etc/ssh/ssh_host_rsa_key'/>
<Path name='/etc/ssh/ssh_host_rsa_key.pub'/>
<Path name='/etc/ssh/ssh_host_key'/>
<Path name='/etc/ssh/ssh_host_key.pub'/>
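Review bot: Moving `<Path name='/etc/ssh/ssh_host_rsa_key'/>` below the `ssh_host_dsa_key.pub` line is a reordering unrelated to Ed25519 and is not mentioned in the commit message; either say so there or split it out so the Ed25519 addition stands alone. The two new `<Path>` entries use double quotes like the ECDSA lines above them, while the DSA and RSA entries below use single quotes; settling on one quoting style for the whole list would make the example cleaner to copy.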
@@ -97,7 +100,7 @@ Now, we pull the ssh host key data for the client out of the uploaded
stats and insert it as host-specific copies of these files in
``/var/lib/bcfg2/SSHBase``.::
- for key in ssh_host_ecdsa_key ssh_host_rsa_key ssh_host_dsa_key ssh_host_key; do
+ for key in ssh_host_ed25519_key ssh_host_ecdsa_key ssh_host_rsa_key ssh_host_dsa_key ssh_host_key; do
sudo bcfg2-admin pull <clientname> Path /etc/ssh/$key
sudo bcfg2-admin pull <clientname> Path /etc/ssh/$key.pub
done
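Review bot: The `for key in ...` loop now runs `bcfg2-admin pull` for `ssh_host_ed25519_key` and its `.pub` on every client, but nothing here says what the reader should expect when a client has no such file, even though the bundle example earlier in this file notes that Ed25519 needs a version of OpenSSH that can generate those keys. Add a sentence stating whether a missing key can be ignored or whether the name should be dropped from the loop for those clients.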
diff --git a/doc/server/plugins/generators/sshbase.txt b/doc/server/plugins/generators/sshbase.txt
index 540cc1e06..26c1a8121 100644
--- a/doc/server/plugins/generators/sshbase.txt
+++ b/doc/server/plugins/generators/sshbase.txt
@@ -14,8 +14,8 @@ record for the current system.
It has two functions:
-* Generating new ssh keys -- When a client requests a ecdsa, dsa, rsa,
- or v1 key, and there is no existing key in the repository, one is
+* Generating new ssh keys -- When a client requests a key (v1, rsa,
+ ecdsa, etc.), and there is no existing key in the repository, one is
generated.
* Maintaining the ``ssh_known_hosts`` file -- all current known public
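Review bot: In the first bullet, `(v1, rsa, ecdsa, etc.)` drops DSA and hides Ed25519 behind "etc.", although naming Ed25519 is the purpose of this commit. Consider replacing the parenthetical with a reference to the "SSHbase currently supports the following key formats" list later in this file, so the set of key types is maintained in one place.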
@@ -73,6 +73,7 @@ SSHbase currently supports the following key formats:
* RSA2 (``ssh_host_rsa_key``, ``ssh_host_rsa_key.pub``)
* DSA (``ssh_host_dsa_key``, ``ssh_host_dsa_key.pub``)
* ECDSA (``ssh_host_ecdsa_key``, ``ssh_host_ecdsa_key.pub``)
+* Ed25519 (``ssh_host_ed25519_key``, ``ssh_host_ed25519_key.pub``)
Group-specific keys
===================
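Review bot: The new `* Ed25519 (...)` list entry carries no version caveat, while the XML comment added in import-existing-ssh-keys.txt says Ed25519 requires a version of OpenSSH that can generate those keys. A short note on that requirement next to this entry would keep the two documents consistent and tell the reader why an Ed25519 key might not appear.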
@@ -143,19 +144,19 @@ control the permissions and other metadata for the keys and
Default permissions are as follows:
-+----------------------------------+-------+-------+------+-----------+----------+----------+
-| File | owner | group | mode | sensitive | paranoid | encoding |
-+==================================+=======+=======+======+===========+==========+==========+
-| ssh_known_hosts | root | root | 0644 | false | false | None |
-+----------------------------------+-------+-------+------+-----------+----------+----------+
-| ssh_host_key | root | root | 0600 | false | false | base64 |
-+----------------------------------+-------+-------+------+-----------+----------+----------+
-| ssh_host_key.pub | root | root | 0644 | false | false | base64 |
-+----------------------------------+-------+-------+------+-----------+----------+----------+
-| ssh_host_[rsa|dsa|ecdsa]_key | root | root | 0600 | false | false | None |
-+----------------------------------+-------+-------+------+-----------+----------+----------+
-| ssh_host_[rsa|dsa|ecdsa]_key.pub | root | root | 0644 | false | false | None |
-+----------------------------------+-------+-------+------+-----------+----------+----------+
++------------------------------------------+-------+-------+------+-----------+----------+----------+
+| File | owner | group | mode | sensitive | paranoid | encoding |
++==========================================+=======+=======+======+===========+==========+==========+
+| ssh_known_hosts | root | root | 0644 | false | false | None |
++------------------------------------------+-------+-------+------+-----------+----------+----------+
+| ssh_host_key | root | root | 0600 | false | false | base64 |
++------------------------------------------+-------+-------+------+-----------+----------+----------+
+| ssh_host_key.pub | root | root | 0644 | false | false | base64 |
++------------------------------------------+-------+-------+------+-----------+----------+----------+
+| ssh_host_[rsa|dsa|ecdsa|ed25519]_key | root | root | 0600 | false | false | None |
++------------------------------------------+-------+-------+------+-----------+----------+----------+
+| ssh_host_[rsa|dsa|ecdsa|ed25519]_key.pub | root | root | 0644 | false | false | None |
++------------------------------------------+-------+-------+------+-----------+----------+----------+
Note that the ``sensitive`` attribute is false, even for private keys,
in order to permit :ref:`pulling with bcfg2-admin
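Review bot: The combined rows `ssh_host_[rsa|dsa|ecdsa|ed25519]_key` and `ssh_host_[rsa|dsa|ecdsa|ed25519]_key.pub` now document owner, mode and `sensitive` defaults for Ed25519 keys, and the diff shown here touches documentation only; please confirm the plugin applies the same defaults (0600 for the private key, 0644 for the public key) to Ed25519 entries. Widening the first column rewrites every row of the table, so the rendered output is worth checking to make sure the grid borders still line up.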