Closed cristiansavaro closed 8 years ago
Sadly this one might be really straightforward. The "get" method is a pile of convenience methods and in order to be convenient it makes some assumptions. Notably it assumes all of your ssh keys are in ~/.ssh.
The method works by scanning through $HOME/.ssh/*.pub for a file with a public key that matches the public key embedded in the cert that it just downloaded. OpenSSH is somewhat silly in how simple its code is for finding certificates. When you add a key to ssh-agent using ssh-add it looks for exactly one file named
That's the gist of it. Based on your ssh-add output I'm assuming your keys are in some other directory.
There are two workarounds:
Manually get certs:
$ curl your server/cert/requests/42TUJNQ5Q6BQV4CT > test-cert.pub
$ ssh-add test
And then I'll toss a question back to you: do you normally put your keys in directories other than .ssh or was this only part of the test here? If you do keep them in other directories, how would you prefer to have this work?
Thanks for your interest in the project; continue to reach out if you have any questions or concerns.
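The matching step described in the reply above, as an added example (not code from ssh-cert-authority): it rebuilds the public key embedded in an OpenSSH certificate and compares it with every *.pub file in a directory you choose, rather than only ~/.ssh. The function names and the command-line usage are assumptions made for illustration.

```python
import base64
import glob
import os
import sys

# Key-specific wire fields per plain key type (RSA: e, n; Ed25519: public key; ...).
KEY_FIELDS = {"ssh-rsa": 2, "ssh-dss": 4, "ssh-ed25519": 1, "ecdsa-sha2-nistp256": 2,
              "ecdsa-sha2-nistp384": 2, "ecdsa-sha2-nistp521": 2}
SUFFIX = "-cert-v01@openssh.com"

def _read_string(buf, off):
    """Read one SSH wire string (uint32 length, then bytes); return (value, next offset)."""
    end = off + 4 + int.from_bytes(buf[off:off + 4], "big")
    if off + 4 > len(buf) or end > len(buf):
        raise ValueError("truncated blob")
    return buf[off + 4:end], end

def blob_from_line(line):
    """Decode the base64 field of a 'type base64 [comment]' key or certificate line."""
    return base64.b64decode(line.split()[1])

def cert_public_key(cert_blob):
    """Rebuild the plain public key blob embedded in an OpenSSH certificate blob."""
    name, off = _read_string(cert_blob, 0)
    ktype, _, tail = name.decode("ascii", "replace").rpartition(SUFFIX)
    if tail or ktype not in KEY_FIELDS:
        raise ValueError("not a supported OpenSSH certificate")
    _, off = _read_string(cert_blob, off)  # skip the nonce that precedes the key
    fields = [ktype.encode()]
    for _ in range(KEY_FIELDS[ktype]):
        field, off = _read_string(cert_blob, off)
        fields.append(field)
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def find_key_for_cert(cert_line, key_dir):
    """Return the *.pub file in key_dir holding the certificate's key, or None."""
    want = cert_public_key(blob_from_line(cert_line))
    for path in sorted(glob.glob(os.path.join(key_dir, "*.pub"))):
        try:
            with open(path) as fh:
                if blob_from_line(fh.read()) == want:
                    return path
        except (ValueError, IndexError):
            continue  # not a parsable public key file
    return None

if __name__ == "__main__":  # usage (assumed): script.py test-cert.pub /path/to/keys
    with open(sys.argv[1]) as cert_file:
        print(find_key_for_cert(cert_file.read(), sys.argv[2]) or "no matching key")
```

Once the matching key is found, saving the certificate next to it as `<keyname>-cert.pub` follows the naming the manual workaround above uses (test and test-cert.pub).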
Thanks for the answer!
I am trying to use this software but I am getting stuck at retrieving the signed key.
[root@ip-172-19-3-177 ~]# ./ssh-cert-authority get --environment production 42TUJNQ5Q6BQV4CT
Couldn't find ssh key for cert.
Previously I've signed successfully and here's the server message.
2016/05/21 19:03:04 Cert request serial 2 id 42TUJNQ5Q6BQV4CT env production from 10:ab:fd:4c:ad:e8:d9:17:e3:f6:38:82:3a:3f:27:ac (sava) @ 127.0.0.1:58826 principals [sdt_user] valid from 1463857264 to 1463864584 for 'Do important maintenance work'
2016/05/21 19:03:27 Received 1 signatures for 42TUJNQ5Q6BQV4CT, signing now.
I have my keys active with the agent:
[root@ip-172-19-3-177 ~]# ssh-add -l
2048 10:ab:fd:4c:ad:e8:d9:17:e3:f6:38:82:3a:3f:27:ac ./test (RSA)
4096 10:d7:ac:d1:86:d7:e1:4c:e9:27:76:d1:bb:1f:e2:92 ./ca-key-production (RSA)
What am I doing wrong?