Add algo signer to support openssl as of recent (#12438)

"algorithm_signer": "rsa-sha2-256"
to prevent /var/log/auth.log `userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]` due to Vault defaulting to ssh-rsa, which is insecure
Mike Green 2022-01-19 16:37:00 -07:00 committed by GitHub
parent bd25ed1294
commit 364d7a9be1
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions

@ -114,6 +114,7 @@ team, or configuration management tooling.
```text ```text
$ vault write ssh-client-signer/roles/my-role -<<"EOH" $ vault write ssh-client-signer/roles/my-role -<<"EOH"
{ {
"algorithm_signer": "rsa-sha2-256",
"allow_user_certificates": true, "allow_user_certificates": true,
"allowed_users": "*", "allowed_users": "*",
"allowed_extensions": "permit-pty,permit-port-forwarding", "allowed_extensions": "permit-pty,permit-port-forwarding",
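
Review bot: The added `"algorithm_signer": "rsa-sha2-256",` line at the top of the role JSON comes with no accompanying prose, so a reader of the docs cannot tell why it is there or what breaks without it. The reason exists only in the commit message (sshd logs `userauth_pubkey: certificate signature algorithm ssh-rsa: signature algorithm not supported [preauth]` when the role falls back to ssh-rsa); add a sentence next to this example saying so, including the log line so people can search for it. Separately, the commit title says "openssl", but the quoted error comes from sshd in auth.log, which points to OpenSSH; correct the title before merging so the history is searchable under the right name.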