{ "info": { "author": "CommerceHub", "author_email": "", "bugtrack_url": null, "classifiers": [ "Programming Language :: Python :: 2.7", "Programming Language :: Python :: 3.2", "Programming Language :: Python :: 3.3", "Programming Language :: Python :: 3.4", "Programming Language :: Python :: 3.5" ], "description": "# SSH CA Client\n\nClient for interacting with [SSH CA Server](https://github.com/commercehub-oss/ssh-ca-server).\n\n\n## Installation instructions\n\n1. Install ca-client\n ```\n pip install ca-client\n ```\n\n## Client Usage\n\nca-client is used to interact with the [SSH CA server](https://github.com/commercehub-oss/ssh-ca-server). The client uses HTTP auth to verify identity and provides facilities for listing roles, signing public keys and getting CA certificates.\n\nAfter completing a signing request ca-client will load the signed certificate and private key into memory with ssh-agent. ssh-agent will sling certs at a remote host until a successful challenge response occurs granting access to the remote host. By default sshd will reject the client after 5 failed attempts. ca-client will not load a certificate with ssh-agent if it will exceed 5 active certificates. The private key and signed certificate must be loaded with ssh-agent and both count towards the limit of 5.\n\nCertificates loaded with ssh-agent do not persist across a reboot. 
Following a reboot you can reload using ssh-add or initiate a new signing request with ca-client.\n\n\nThe first time ca-client is executed you must provide the FQDN of the CA server and the default certificate authority to use when issuing a signing request.\n\n```\n$ ca-client\n\nFailed to load configuration from /Users/username/.ca-client/config.json\nEnter FQDN of CA Server: ca-server.mydomain.com\nEnter name of default CA: nonproduction\nLoading configuration from /Users/username/.ca-client/config.json\n```\n\nClient configuration example:\n```\n$ cat ~/.ca-client/config.json\n\n{\n \"DEFAULT_CA\": \"nonproduction\",\n \"BASE_URL\": \"https://ca-server.mydomain.com\"\n}\n```\n\nca-client command line usage:\n```\nusage: ca-client [-h] [-s CA | -r | -c | -k CA]\n\nTool to sign your public SSH key\n\noptional arguments:\n\t-h, --help show this help message and exit\n\t-s CA, --sign CA certificate signing request\n\t-u USER, --user USER optional username for signing request\n\t-r, --list-roles list my authorized roles\n\t-c, --list-cas list available CAs\n\t-k CA, --get-key CA list public key for CA\n```\n\nList your authorized roles:\n```\n$ ca-client -r\n\nRole: ssh-admin-group\nDescription: Super Admin Role\nAllowed Principals: admin\nAllowed CAs: production,nonproduction\n```\n\nList available certificate authorities:\n```\n$ ca-client -c\n\nCA name: nonproduction\nMax duration: 30d\n\nCA name: production\nMax duration: 24h\n```\n\nInitiate signing request for the nonproduction certificate authority:\n```\n$ ca-client -s nonproduction\nPlease enter password for username:\n\n/Users/username/.ssh/nonproduction_rsa-cert.pub updated\n\nIdentity added: /Users/username/.ssh/nonproduction_rsa (/Users/username/.ssh/nonproduction_rsa)\nCertificate added: /Users/username/.ssh/nonproduction_rsa-cert.pub (username)\nIdentity loaded for current session but ssh-agent will not persist identities on reboot\n\nIf using bash you can add the following command to your 
.bash_profile\nssh-add /Users/username/.ssh/nonproduction_rsa\n```\n\nThe ca-client will create a unique keypair for each of the requested certificate authorities within the user's .ssh folder.\n\nExample of a user's .ssh folder after requesting certs from the production and nonproduction certificate authorities:\n```\n$ ls ~/.ssh\n\nnonproduction_rsa nonproduction_rsa-cert.pub nonproduction_rsa.pub\nproduction_rsa production_rsa-cert.pub production_rsa.pub\n```\n\nThe example below shows the result of a successfully signed SSH certificate:\n\n```\n$ ssh-keygen -L -f ~/.ssh/nonproduction_rsa-cert.pub \n\n~/.ssh/nonproduction_rsa-cert.pub:\n Type: ssh-rsa-cert-v01@openssh.com user certificate\n Public key: RSA-CERT 3c:3d:47:...\n Signing CA: RSA 2b:2a:23:...\n Key ID: \"username\"\n Serial: 12515602213705584981\n Valid: from 2017-02-06T17:03:00 to 2017-03-08T17:04:44\n Principals: \n username\n admin\n Critical Options: (none)\n Extensions: \n permit-X11-forwarding\n permit-agent-forwarding\n permit-port-forwarding\n permit-pty\n permit-user-rc\n```", "description_content_type": null, "docs_url": null, "download_url": "", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "https://github.com/commercehub-oss/ssh-ca-client", "keywords": "", "license": "", "maintainer": "", "maintainer_email": "", "name": "ca-client", "package_url": "https://pypi.org/project/ca-client/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/ca-client/", "project_urls": { "Homepage": "https://github.com/commercehub-oss/ssh-ca-client" }, "release_url": "https://pypi.org/project/ca-client/0.1.0/", "requires_dist": [ "argparse (>=1.1)", "requests (>=2.13.0)" ], "requires_python": "", "summary": "SSH CA Client", "version": "0.1.0" }, "last_serial": 2666619, "releases": { "0.1.0": [ { "comment_text": "", "digests": { "md5": "bca9140f9c1f59d3512ceafca42cdccc", "sha256": "5cca86ad5fefaab6dc755304a049e5c46757d4bf5f82a45f754916b71982ffcc" }, "downloads": -1, 
"filename": "ca_client-0.1.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "bca9140f9c1f59d3512ceafca42cdccc", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 12565, "upload_time": "2017-02-24T20:50:44", "url": "https://files.pythonhosted.org/packages/e5/00/5fabb87b65225e0869d1e6211046326a301b620158debaf6324dc1547d14/ca_client-0.1.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "fad9c53018c9fa9d3c0c0af8afd3f557", "sha256": "32f1207468b92aea05f34d3358a9f7dfb5a2bef69e2bd5ce2e59b9a8e0b78a9e" }, "downloads": -1, "filename": "ca_client-0.1.0-py3.3.egg", "has_sig": false, "md5_digest": "fad9c53018c9fa9d3c0c0af8afd3f557", "packagetype": "bdist_egg", "python_version": "3.3", "requires_python": null, "size": 18108, "upload_time": "2017-02-24T20:50:48", "url": "https://files.pythonhosted.org/packages/c0/6d/efbda8e9ce7e287fb540e69963a96065f5fb0b1b131cc53c8cfa75648faa/ca_client-0.1.0-py3.3.egg" }, { "comment_text": "", "digests": { "md5": "a8243fa383d4dca34560a6ec284f0946", "sha256": "28789cf612d4c64fdb371f8162352954d6c0bc34ae6333afbcb86cd21f050815" }, "downloads": -1, "filename": "ca-client-0.1.0.tar.gz", "has_sig": false, "md5_digest": "a8243fa383d4dca34560a6ec284f0946", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8206, "upload_time": "2017-02-24T20:50:46", "url": "https://files.pythonhosted.org/packages/5f/24/88b9b0202ca2aa375425d51f9f9554c31c167bf7f1a2b2c583da19834453/ca-client-0.1.0.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "bca9140f9c1f59d3512ceafca42cdccc", "sha256": "5cca86ad5fefaab6dc755304a049e5c46757d4bf5f82a45f754916b71982ffcc" }, "downloads": -1, "filename": "ca_client-0.1.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "bca9140f9c1f59d3512ceafca42cdccc", "packagetype": "bdist_wheel", "python_version": "py2.py3", "requires_python": null, "size": 12565, "upload_time": "2017-02-24T20:50:44", "url": 
"https://files.pythonhosted.org/packages/e5/00/5fabb87b65225e0869d1e6211046326a301b620158debaf6324dc1547d14/ca_client-0.1.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "fad9c53018c9fa9d3c0c0af8afd3f557", "sha256": "32f1207468b92aea05f34d3358a9f7dfb5a2bef69e2bd5ce2e59b9a8e0b78a9e" }, "downloads": -1, "filename": "ca_client-0.1.0-py3.3.egg", "has_sig": false, "md5_digest": "fad9c53018c9fa9d3c0c0af8afd3f557", "packagetype": "bdist_egg", "python_version": "3.3", "requires_python": null, "size": 18108, "upload_time": "2017-02-24T20:50:48", "url": "https://files.pythonhosted.org/packages/c0/6d/efbda8e9ce7e287fb540e69963a96065f5fb0b1b131cc53c8cfa75648faa/ca_client-0.1.0-py3.3.egg" }, { "comment_text": "", "digests": { "md5": "a8243fa383d4dca34560a6ec284f0946", "sha256": "28789cf612d4c64fdb371f8162352954d6c0bc34ae6333afbcb86cd21f050815" }, "downloads": -1, "filename": "ca-client-0.1.0.tar.gz", "has_sig": false, "md5_digest": "a8243fa383d4dca34560a6ec284f0946", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 8206, "upload_time": "2017-02-24T20:50:46", "url": "https://files.pythonhosted.org/packages/5f/24/88b9b0202ca2aa375425d51f9f9554c31c167bf7f1a2b2c583da19834453/ca-client-0.1.0.tar.gz" } ] }