Yubico / python-yubihsm


SSH Template information request #30

Closed trebortech closed 2 years ago

trebortech commented 2 years ago

I'm trying to utilize the YubiHSM for SSH Cert creation and I'm running into a wall with the template format and the request format.

I've been able to execute this workflow with ssh-keygen -s .... but I cannot get it to work with YubiHSM.

Q1. For the certify command it requires a request file to be provided. Can you provide a sample of the request file format? I haven't had much success trying to create this file and I haven't found documentation on it. AFAIK ssh-keygen doesn't have a switch to export the request without the -s CA being specified.

Thanks

qpernil commented 2 years ago

Here is the documentation: https://developers.yubico.com/YubiHSM2/Usage_Guides/OpenSSH_certificates.html. I'd also recommend looking at examples/ssh.c in the source for yubihsm-shell.

Let me know if this doesn't solve your issue.

trebortech commented 2 years ago

Thanks Per, that page doesn't provide the level of detail I was looking for. Thanks for the ssh.c tip. I'll dig into that.

What someone did provide me was the following link that provides an example. This cleared up a bunch of confusion I had with my calls to the YubiHSM.

https://github.com/YubicoLabs/yubihsm-ssh-tool