Stanislav Grozev
7d59d7d3ac
Reads on ssh/config/ca return the public keys
...
If configured/generated.
2017-03-14 10:21:48 -04:00
Stanislav Grozev
830de2dbbd
If generating an SSH CA signing key - return the public part
...
So that the user can actually use the SSH CA, by adding the public key
to their respective sshd_config/authorized_keys, etc.
2017-03-14 10:21:48 -04:00
Vishal Nayak
220beb2cde
doc: ssh allowed_users update ( #2462 )
...
* doc: ssh allowed_users update
* added some more context in default_user field
2017-03-09 10:34:55 -05:00
vishalnayak
f085cd71ab
Fix typo
2017-03-08 17:49:39 -05:00
Vishal Nayak
766c2e6ee0
SSH CA enhancements ( #2442 )
...
* Use constants for storage paths
* Upgrade path for public key storage
* Fix calculateValidPrincipals, upgrade ca_private_key, and other changes
* Remove a print statement
* Added tests for upgrade case
* Make exporting consistent in creation bundle
* unexporting and constants
* Move keys into a struct instead of plain string
* minor changes
2017-03-08 17:36:21 -05:00
Jeff Mitchell
5119b173c4
Rename helper 'duration' to 'parseutil'. ( #2449 )
...
Add a ParseBool function that accepts various kinds of ways of
specifying booleans.
Have config use ParseBool for UI and disabling mlock/cache.
2017-03-07 11:21:22 -05:00
Vishal Nayak
4b81bcb379
ssh: Added DeleteOperation to config/ca ( #2434 )
...
* ssh: Added DeleteOperation to config/ca
* Address review feedback
2017-03-03 10:19:45 -05:00
Jeff Mitchell
55e69277ce
Update SSH CA logic/tests
2017-03-02 16:39:22 -05:00
Vishal Nayak
a1331278ff
Refactor the generate_signing_key processing ( #2430 )
2017-03-02 16:22:06 -05:00
Jeff Mitchell
fa474924aa
Update error text to make it more obvious what the issue is when valid principals aren't found
2017-03-02 15:56:08 -05:00
Jeff Mitchell
eca68d5913
Fix a bunch of errors from returning 5xx, and parse more duration types
2017-03-02 15:38:34 -05:00
Will May
70bfdb5ae9
Changes from code review
2017-03-02 14:36:13 -05:00
Will May
36b3d89604
Allow internal generation of the signing SSH key pair
2017-03-02 14:36:13 -05:00
Vishal Nayak
3795d2ea64
Rework ssh ca ( #2419 )
...
* docs: input format for default_critical_options and default_extensions
* s/sshca/ssh
* Added default_critical_options and default_extensions to the read endpoint of role
* Change default time return value to 0
2017-03-01 15:50:23 -05:00
Will May
9f75f84175
Changes from code review
...
Major changes are:
* Remove duplicate code
* Check the public key used to configure the backend is a valid one
2017-03-01 15:19:18 -05:00
Will May
ff1ff02bd7
Changes from code review
...
Major changes are:
* Change `allow_{user,host}_certificates` to default to false
* Add separate `allowed_domains` role property
2017-03-01 15:19:18 -05:00
Will May
099d561b20
Add ability to create SSH certificates
2017-03-01 15:19:18 -05:00
Jeff Mitchell
c81582fea0
More porting from rep ( #2388 )
...
* More porting from rep
* Address review feedback
2017-02-16 16:29:30 -05:00
vascop
ba3dc07bb3
Fix typo and remove trailing whitespace. ( #2074 )
2016-11-08 09:32:23 -05:00
vishalnayak
931c96d1ba
ssh: Use temporary file to store the identity file
2016-10-18 12:50:12 -04:00
vishalnayak
c26754000b
Fix ssh tests
2016-09-22 11:37:55 -04:00
vishalnayak
93604e1e2e
Added cidrutil helper
2016-09-21 13:58:32 -04:00
Jeff Mitchell
28739f3528
Decode secret internal data into struct and fix type assertion. ( #1781 )
2016-08-24 15:04:04 -04:00
Jeff Mitchell
58b32e5432
Convert to logxi
2016-08-21 18:13:37 -04:00
Jeff Mitchell
2860dcc60f
gofmt
2016-08-19 16:48:32 -04:00
vishalnayak
5367a7223d
Add allowed_roles to ssh-helper-config and return role name from verify call
2016-07-05 11:14:29 -04:00
Jeff Mitchell
86d2c796b0
Change AWS/SSH to reuse backend creation code for test functions
2016-06-01 12:17:47 -04:00
Jeff Mitchell
99c1e071f3
Remove most Root paths
2016-05-31 23:42:54 +00:00
vishalnayak
30fa7f304b
Allow * to be set for allowed_users
2016-05-30 03:12:43 -04:00
vishalnayak
971b2cb7b7
Do not allow any username to login if allowed_users is not set
2016-05-30 03:01:47 -04:00
Sean Chittenden
7a4b31ce51
Speling police
2016-05-15 09:58:36 -07:00
Jeff Mitchell
30ba5b7887
Merge pull request #1291 from mmickan/ssh-keyinstall-perms
...
Ensure authorized_keys file is readable when uninstalling an ssh key
2016-04-25 14:00:37 -04:00
vishalnayak
95abdebb06
Added AcceptanceTest boolean to logical.TestCase
2016-04-05 15:10:44 -04:00
Mark Mickan
a55124f0b6
Ensure authorized_keys file is readable when uninstalling an ssh key
...
Without this change, if the user running the ssh key install script doesn't
have read access to the authorized_keys file when uninstalling a key, all
keys will be deleted from the authorized_keys file.
Fixes GH #1285
2016-04-05 17:26:21 +09:30
vishalnayak
69bcbb28aa
rename verify_cert as disable_binding and invert the logic
2016-02-24 21:01:21 -05:00
vishalnayak
a6f3b31a36
ssh: Fix response code for ssh/verify
2016-02-16 19:46:29 -05:00
vishalnayak
f2e8ac0658
Fix SSH test cases.
2016-02-02 12:32:50 -05:00
Jeff Mitchell
d3a705f17b
Make backends much more consistent:
...
1) Use the new LeaseExtend
2) Use default values controlled by mount tuning/system defaults instead
of a random hard coded value
3) Remove grace periods
2016-01-29 20:03:37 -05:00
Jeff Mitchell
dd57a3f55d
Add listing of roles to ssh backend
2016-01-28 12:48:00 -05:00
Chi Vinh Le
f3e5e44cd0
Cleanly close SSH connections
2016-01-19 07:59:08 +01:00
Jeff Mitchell
9c5ad28632
Update deps, and adjust usage of go-uuid to match new return values
2016-01-13 13:40:08 -05:00
Jeff Mitchell
f3ce90164f
WriteOperation -> UpdateOperation
2016-01-08 13:03:03 -05:00
Jeff Mitchell
f2da5b639f
Migrate 'uuid' to 'go-uuid' to better fit HC naming convention
2015-12-16 12:56:20 -05:00
Jeff Mitchell
a9155ef85e
Use split-out hashicorp/uuid
2015-10-12 14:07:12 -04:00
Jeff Mitchell
645932a0df
Remove use of os/user as it cannot be run with CGO disabled
2015-10-02 18:43:38 -07:00
Jeff Mitchell
29c722dbb6
Enhance SSH backend documentation; remove getting of stored keys and have TTLs honor backends systemview values
2015-09-21 16:14:30 -04:00
Jeff Mitchell
b655f6b858
Add HMAC capability to salt. Pass a salt into audit backends. Require it for audit.Hash.
2015-09-18 17:38:22 -04:00
Jeff Mitchell
104b29ab04
Rename View to StorageView to make it more distinct from SystemView
2015-09-15 13:50:37 -04:00
vishalnayak
473c1d759d
Vault SSH: Testing credential creation on zero address roles
2015-09-10 11:55:07 -04:00
vishalnayak
d26497267c
Vault SSH: Expected data for testRoleRead
2015-09-10 10:44:26 -04:00