SSH Certificate Authority

[s-newman]

SSH Certificate Authority

An SSH CA should be set up with Vault to simplify SSH key-based authentication on the local RITSEC nodes (mgmtXX, novaXX, and storXX). Would also be useful to make it possible to authenticate to AWS nodes through the same method.

Depends on

This issue depends on the following issues:

• [x] #3

Tasks

All of the following tasks must be complete before this issue can be closed. Be sure to reference this issue in the relevant issues/PRs in other repositories.

• [x] Configure Vault to be an SSH CA
• [x] Update RITSEC nodes to authenticate via the SSH CA
• [x] Explain how to set up local node to use the SSH CA in documentation
• [x] Explain how to spin up an AWS instance that will use the SSH CA in documentation

[s-newman]

This HashiCorp guide is being used to complete this task.

[s-newman]

Theoretically this should now work. TODO: does it actually work?

[s-newman]

Yikes I lowkey locked myself out of all the boxes because the role I used sets PasswordAuthentication to no... It's a good thing I still have access to one of the boxes. Time to see if the key worked, or do some jank manual management.

[s-newman]

Holy bejeebus it worked, thank god.