معرفی شرکت ها

ca-client-0.1.0

Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
Card image cap
تبلیغات ما

مشتریان به طور فزاینده ای آنلاین هستند. تبلیغات می تواند به آنها کمک کند تا کسب و کار شما را پیدا کنند.

مشاهده بیشتر
0.1.0
0.1.0

توضیحات

SSH CA Client
ویژگی مقدار
سیستم عامل -
نام فایل ca-client-0.1.0
نام ca-client
نسخه کتابخانه 0.1.0
نگهدارنده []
ایمیل نگهدارنده []
نویسنده CommerceHub
ایمیل نویسنده -
آدرس صفحه اصلی https://github.com/commercehub-oss/ssh-ca-client
آدرس اینترنتی https://pypi.org/project/ca-client/
مجوز -
# SSH CA Client Client for interacting with [SSH CA Server](https://github.com/commercehub-oss/ssh-ca-server). ## Installation instructions 1. Install ca-client ``` pip install ca-client ``` ## Client Usage ca-client is used to interact with the [SSH CA server]((https://github.com/commercehub-oss/ssh-ca-server)). The client uses HTTP auth to verify identity and provides facilities for listing roles, signing public keys and getting CA certificates. After completing a signing request ca-client will load the signed certificate and private key into memory with ssh-agent. ssh-agent will sling certs at a remote host until a successful challenge response occurs granting access to the remote host. By default sshd will reject the client after 5 failed attempts. ca-client will not load a certificate with ssh-agent if it will exceed 5 active certificates. The private key and signed certificate must be loaded with ssh-agent and both count towards the limit of 5. Certificates loaded with ssh-agent do not persist a reboot. Following a reboot you can reload using ssh-add or initiate a new signing request with ca-client. The first time ca-client is executed you must provide the FQDN of the CA server and the default certificate authority to use when issueing a signing request. ``` $ ca-client Failed to load configuration from /Users/username/.ca-client/config.json Enter FQDN of CA Server: ca-server.mydomain.com Enter name of default CA: nonproduction Loading configuration from /Users/username/.ca-client/config.json ``` Client configuration example: ``` $ cat ~/.ca-client/config.json { "DEFAULT_CA": "nonproduction", "BASE_URL": "https://ca-server.mydomain.com" } ``` ca-client command line usage: ``` usage: ca-client [-h] [-s CA | -r | -c | -k CA] Tool to sign your public SSH key optional arguments: -h, --help show this help message and exit -s CA, --sign CA certificate signing request -u USER, --user USER optional username for signing request -r, --list-roles list my authorized roles -c, --list-cas list available CAs -k CA, --get-key CA list public key for CA ``` List your authorized roles: ``` $ ca-client -r Role: ssh-admin-group Description: Super Admin Role Allowed Principals: admin Allowed CAs: production,nonproduction ``` List available certificate authorities: ``` $ ca-client -c CA name: nonproduction Max duration: 30d CA name: production Max duration: 24h ``` Initiate signing request for the nonproduction certificate authority: ``` $ ca-client -s nonproduction Please enter password for username: /Users/username/.ssh/nonproduction_rsa-cert.pub updated Identity added: /Users/username/.ssh/nonproduction_rsa (/Users/username/.ssh/nonproduction_rsa) Certificate added: /Users/username/.ssh/nonproduction_rsa-cert.pub (username) Identity loaded for current session but ssh-agent will not persist identities on reboot If using bash you can add the following command to your .bash_profile ssh-add /Users/username/.ssh/nonproduction_rsa ``` The ca-client will create a unique keypair for each of the requested certificate authorities within the users .ssh folder. Example users .ssh folder after requesting certs from production and nonproduction certificate authority. ``` $ ls ~/.ssh nonproduction_rsa nonproduction_rsa-cert.pub nonproduction_rsa.pub production_rsa production_rsa-cert.pub production_rsa.pub ``` The below examples shows the result of a successfully signed SSH certificate: ``` $ ssh-keygen -L -f ~/.ssh/nonproduction_rsa-cert.pub ~/.ssh/nonproduction_rsa-cert.pub: Type: ssh-rsa-cert-v01@openssh.com user certificate Public key: RSA-CERT 3c:3d:47:... Signing CA: RSA 2b:2a:23:... Key ID: "username" Serial: 12515602213705584981 Valid: from 2017-02-06T17:03:00 to 2017-03-08T17:04:44 Principals: username admin Critical Options: (none) Extensions: permit-X11-forwarding permit-agent-forwarding permit-port-forwarding permit-pty permit-user-rc ```


نیازمندی

مقدار نام
>=1.1 argparse
>=2.13.0 requests


نحوه نصب


نصب پکیج whl ca-client-0.1.0:

    pip install ca-client-0.1.0.whl


نصب پکیج tar.gz ca-client-0.1.0:

    pip install ca-client-0.1.0.tar.gz