author: fuero <fuero@users.noreply.github.com> 2017-06-05 23:28:13 +0200
committer: Niall Sheridan <nsheridan@gmail.com> 2017-06-05 22:28:13 +0100
commit: 321e26fae746e661d713cedfb6642609e680cafe
tree: 4be9496c75aabc54325aac1b8b511223e986b8f7 /README.md
parent: 8ee3c6473f3e2373303b9cb16ab5f059f9e6369e
Saving private keys (#61)
* enables saving private keys
* renames public_file_prefix to key_file_prefix and updates its docs to better reflect the changes
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 6
1 files changed, 3 insertions, 3 deletions
diff --git a/README.md b/README.md
index 04b015b..c861162 100644
--- a/README.md
+++ b/README.md
@@ -221,7 +221,7 @@ The client is configured using either a [HCL](https://github.com/hashicorp/hcl)
- `--config` Path to config file (default "~/.cashier.conf").
- `--key_size` Key size. Ignored for ed25519 keys (default 2048).
- `--key_type` Type of private key to generate - rsa, ecdsa or ed25519 (default "rsa").
-- `--public_file_prefix` Prefix for filename for public key and cert (optional, no default). The public key is put in a file with `.pub` appended to it; the public cert file in a file with `-cert.pub` appended to it.
+- `--key_file_prefix` Prefix for filename for SSH keys and cert (optional, no default). The public key is put in a file with `id_<id>.pub` appended to it; the public cert file in a file with `id_<id>-cert.pub` appended to it. The private key is stored in a file with `id_<id>` appended to it. <id> is taken from the id stored on the server.
- `--validity` Key validity (default 24h).
Running the `cashier` cli tool will open a browser window at the configured CA address.
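Review bot: The new `--key_file_prefix` description says the private key is stored in a file ending in `id_<id>` but does not say what permissions that file is created with or whether it is removed when the certificate expires. Since this option now puts private key material on disk, suggest documenting the file mode and the file's lifetime alongside the naming. Separately, the trailing "<id> is taken from the id stored on the server" has `<id>` outside backticks, so a Markdown renderer will treat it as an HTML tag and drop it; wrap it in backticks like the other occurrences.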
@@ -230,13 +230,13 @@ Copy the access token. In the terminal where you ran the `cashier` cli paste the
The client will then generate a new ssh key-pair and send the public part to the server (along with the access token).
Once signed the client will install the key and signed certificate in your ssh agent. When the certificate expires it will be removed automatically from the agent.
-If you set `public_file_prefix` then the public key and public cert will be written to the files that start with `public_file_prefix` and end with `.pub` and `-cert.pub` respectively.
+If you set `key_file_prefix` then the public key and public cert will be written to the files that start with `key_file_prefix` and end with `.pub` and `-cert.pub` respectively.
In your `ssh_config` you can load these for a given host with the `IdentityFile` and `CertificateFile`. However prior to OpenSSH version 7.2p1 the latter option didn't exist.
In that case you could specify `~/.ssh/some-identity` as your `IdentityFile` and OpenSSH would look in `~/.ssh/some-identity.pub` and `~/.ssh/some-identity-cert.pub`.
Starting with 7.2p1 the two options exist in the `ssh_config` and you'll need to use the full paths to them.
-Note that like these `ssh_config` options, the `public_file_prefix` supports tilde expansion.
+Note that like these `ssh_config` options, the `key_file_prefix` supports tilde expansion.
## Configuring SSH
The ssh client needs no special configuration, just a running `ssh-agent`.
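Review bot: The reworded sentence "If you set `key_file_prefix` then the public key and public cert will be written to the files that ... end with `.pub` and `-cert.pub`" no longer matches the option description changed earlier in this patch, which gives the suffixes as `id_<id>.pub` and `id_<id>-cert.pub` and adds a private key file `id_<id>`. Suggest listing all three files with the same suffixes here, and stating in the `ssh_config` paragraph which path `IdentityFile` should point to now that a private key file exists, since the `~/.ssh/some-identity` example was written for the public-key-only layout.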