cloudtools / ssh-cert-authority

An implementation of an SSH certificate authority.
BSD 2-Clause "Simplified" License

Any way to get a list of pending signing requests? #12

Closed hany closed 8 years ago

hany commented 8 years ago

Right now, it appears that a signer requires access to the server hosting ssh-cert-authority in order to view the logs to get access to the signing IDs (that, or the requestor has to provide it by other means). Is there a way to get a list of pending signing requests automatically?

bobveznat commented 8 years ago

Sort of. I think what you want is an ssh-cert-authority list subcommand? The API exists on the server, you can see this data via curl:

$ curl http://localhost:8080/cert/requests

The way we use this is via the Slack integration. Whenever a request is created or signed, messages are posted to Slack. They look like this:

ssh-cert-authorityBOT [9:17 AM] 
SSH cert request from user@example.com with id QATLF2ALPVTO7LLL for Ticket-9722 - need to restart stats_archiver, and hopefully get a core.

ssh-cert-authorityBOT [9:21 AM]
SSH cert QATLF2ALPVTO7LLL signed by someotheruser@example.com making 1/2 signatures.

The Slack integration is pretty cool. It really made life with the tool better. Do you use Slack? IRC? Something else?

bobveznat commented 8 years ago

I fixed this back in December. Somehow I forgot to close the issue. There now exists a list subcommand.

$ ./ssh-cert-authority request --config-file requester_config.json -e test
Please give a reason: testing the list subcommand
Cert request id: JXBW2ANOVVQ5QJZP

$ ./ssh-cert-authority list --config-file requester_config.json
2 JXBW2ANOVVQ5QJZP[test, 0/1]: bvz-ecdsa - testing the list subcommand