crypt/step-ca-cli
1
0
Fork 0
mirror of https://github.com/smallstep/cli.git synced 2025-08-01 19:26:50 +03:00
Code Activity
3,765 Commits 19 Branches 342 Tags
master
Commit Graph

46 Commits

Author SHA1 Message Date
Herman Slatman
de85fd0cef Use github.com/smallstep/cli-utils and reorder imports 2024-09-30 13:25:46 +02:00
Mariano Cano
73429de6ea Move crypto/sshutil to an internal folder 2022-10-04 16:38:11 -07:00
Mariano Cano
116600896d Use pemutil, randutil, and keyutil from go.step.sm/crypto 2022-09-30 14:30:40 -07:00
Mariano Cano
2c2a8b5e79 Rename function 2022-02-01 14:17:37 -08:00
Mariano Cano
56f88b0108 Fill subject if empty for non-oidc provisioners. 2022-02-01 12:46:46 -08:00
Mariano Cano
3fdcde8caf Allow step ssh login without arguments for OIDC. 2022-01-31 19:40:58 -08:00
max furman
2881ea481e Remove internal ui package 2021-12-19 11:27:07 -05:00
max furman
e933aed82d Move hidden helper commands into functions. 2021-10-27 15:55:18 -07:00
max furman
f77ad08978 step ssh config working with --team 2021-10-27 15:55:18 -07:00
max furman
860c213b97 Initial step path contexts commit 
- move config and command packages to cli-utils
 2021-10-27 15:55:16 -07:00
Devon Mar
de01dd9a44 Add ssh needs-renewal command 2021-07-23 00:38:39 -07:00
Mariano Cano
915ad938e0 Append original subject to list of principals. 2021-04-29 12:52:35 -07:00
Mariano Cano
d2bce30295 Add local part of an email and email as a principals. 
For user certificates, if an email is passed as a principal, include
in the principals list the email, and the local-part. This imitates
the behavior for OIDC provisioners on other provisioners like JWK.

On `step ssh certificate` we will only include them if no principals
are passed using the `--principal` flag.

Fixes #389
 2020-10-13 14:49:19 -07:00
Mariano Cano
2c9b200510 Add missing key ids. 2020-09-02 18:17:41 -07:00
Mariano Cano
323847349a Revert "Remove ssh template flags and parameters." 
This reverts commit b5cf069f97.
 2020-08-27 16:57:40 -07:00
max furman
1145bf9332 Don't reuse san and principal flags to avoid confusing usage. 
Fixes #262
 2020-07-07 18:57:59 -07:00
Carl Tashian
edca641c81 Typo fix 2020-04-07 09:53:06 -07:00
Carl Tashian
027c916b9c Clarify principals flag for SSH certificates 2020-04-06 15:53:15 -07:00
David Cowden
8d3073d3dc ssh/certificate: Generate a random UUID by default 
Apparently some images don't properly handle the machine-id and it ends
up not being unique. By default play it safe and generate our own UUID.
Deriving a UUID from `/etc/machine-id` is still supported. To trigger
that behavior, pass 'machine' as the `--host-id` flag.
 2020-03-26 17:38:18 -07:00
David Cowden
9059e02238 ssh: Add machine-id hash to host certificate 
Alternatively, allow the user to specify their own UUID. Adding an ID
derived from the machine ID allows us to authorize hosts to access their
own resources by ID. The machine-id is not supposed to be sent around as
a raw UUID. So we HMAC it with an application "secret" and use the first
sixteen bytes of the resulting sha256 sum to as the entropy source when
generating a new "random" UUIDv4.
 2020-03-12 20:36:49 -07:00
Mariano Cano
93a358c301 Remove unused step ssh proxy command. 2020-01-28 13:34:00 -08:00
max furman
538f49f862 Remove final doubleprint of STEPDEBUG 2020-01-28 13:34:00 -08:00
max furman
34742e5b3e Double printing STEPDEBUG message 2020-01-28 13:34:00 -08:00
max furman
a8754c1c4b Add a few graceful errors to checkHost 2020-01-28 13:34:00 -08:00
Mariano Cano
abe8443629 Update certificates and addapt api. 2020-01-28 13:34:00 -08:00
Mariano Cano
88d192a4ab Improve step ssh docs. 2020-01-28 13:34:00 -08:00
Mariano Cano
4de6963683 Disable step ssh proxy. 2020-01-28 13:34:00 -08:00
Mariano Cano
e5cf3de1f5 Remove principals on OIDC and write identity in proxycommand. 2020-01-28 13:34:00 -08:00
Mariano Cano
b90ffd5323 Fix agent requirement in login. Fix user requirement for hosts. 2020-01-28 13:34:00 -08:00
Mariano Cano
4d7f26a754 Add identity certificate support to ssh login and certificate. 2020-01-28 13:34:00 -08:00
max furman
8988d4fc20 get-hosts -> hosts 
* pass nil arg to offline as a fill-in for now
 2020-01-28 13:33:59 -08:00
Mariano Cano
7e1224ebdd Add support for retry function in step ssh config. 2020-01-28 13:33:59 -08:00
max furman
b8d289b654 sshpop provisioner + ssh renew | revoke | rekey 2020-01-28 13:33:59 -08:00
Mariano Cano
e15938251f Add step ssh proxycommand. 
Fixes smallstep/ca-component#211
 2020-01-28 13:33:59 -08:00
Mariano Cano
f4ee72eb12 Add step ssh fingerprint command. 2020-01-28 13:33:59 -08:00
Mariano Cano
eafff001d1 Add initial support for check-host command. 2020-01-28 13:33:59 -08:00
Mariano Cano
3073eee944 Add step ssh proxy 
Fixes #167
 2020-01-28 13:33:59 -08:00
Mariano Cano
96e5ceea55 Move flags to variables. 2020-01-28 13:33:59 -08:00
Mariano Cano
60f3a03e3b Add step ssh list command. 2020-01-28 13:33:59 -08:00
Mariano Cano
dd4ec434c8 Enable config and logout commands. 2020-01-28 13:33:59 -08:00
Mariano Cano
7433fc0035 Use sshutil.Agent. 
Move flag variable to ssh.go
 2020-01-28 13:33:59 -08:00
Mariano Cano
1c6a93b6e5 Add step ssh inspect command. 2020-01-28 13:33:59 -08:00
Mariano Cano
755da68ca4 Add initial implementation of step ssh login. 2020-01-28 13:33:59 -08:00
Mariano Cano
59fa1ba3f8 Update examples. 2019-09-06 00:02:12 +02:00
Mariano Cano
49579b9969 Rename command to step ssh certificate 2019-08-14 16:33:53 -07:00
Mariano Cano
99e5cb985f Move ssh code to new package 2019-08-14 13:02:03 -07:00