diff options
author | Niall Sheridan <nsheridan@gmail.com> | 2016-04-19 22:21:41 +0100 |
---|---|---|
committer | Niall Sheridan <nsheridan@gmail.com> | 2016-04-19 22:21:41 +0100 |
commit | e4a7e98da690dc41281aab200af14ce54026515b (patch) | |
tree | 92e742786c9c893690b830ca4e093926dcadca75 | |
parent | b0a0d15d9881b4cd04f8ca623e6e79b2e39a5f5f (diff) |
Fix links
I can never remember how markdown links work.
-rw-r--r-- | README.md | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -33,7 +33,7 @@ The user can now ssh to the production machine. # Usage Cashier comes in two parts, a [client](client) and a [server](server). The client is configured using command-line flags. -The server is configured using a JSON configuration file - [exampleconfig.json](example). +The server is configured using a JSON configuration file - [example](exampleconfig.json). For the server you _need_ the following: - A new ssh private key. Generate one in the usual way using `ssh-keygen -f ssh_ca`. At this time Cashier supports RSA and ECDSA keys @@ -62,7 +62,7 @@ Configuration is divided into three sections: `server`, `auth`, and `ssh`. - `signing_key`: string. Path to the signing ssh private key you created earlier. - `additional_principals`: array of string. By default certificates will have one principal set - the username portion of the requester's email address. If `additional_principals` is set, these will be added to the certificate e.g. if your production machines use shared user accounts. - `max_age`: string. If set the server will not issue certificates with an expiration value longer than this, regardless of what the client requests. -- `permissions`: array of string. Actions the certificate can perform. See the [http://man.openbsd.org/OpenBSD-current/man1/ssh-keygen.1](`-O` option to `ssh-keygen(1)`) for a complete list. +- `permissions`: array of string. Actions the certificate can perform. See the [`-O` option to `ssh-keygen(1)`](http://man.openbsd.org/OpenBSD-current/man1/ssh-keygen.1) for a complete list. Note: Cashier does not implement signing host keys at this time. |