author | Niall Sheridan <nsheridan@gmail.com> | 2016-04-30 19:04:11 +0100 |
---|---|---|
committer | Niall Sheridan <nsheridan@gmail.com> | 2016-04-30 19:04:11 +0100 |
commit | 8b50e3634a1a278119005ef0986b4a6d23065fc2 (patch) | |
tree | 0b183480bc965978db29d2dbe464a7e809e7b75c /README.md | |
parent | c6bf0a05763f567079cb464212a17b89b75f1a50 (diff) |
Update readme
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 9 |
1 files changed, 6 insertions, 3 deletions
@@ -40,8 +40,8 @@ Cashier comes in two parts, a [client](client) and a [server](server). The client is configured using command-line flags. The server is configured using a JSON configuration file - [example](exampleconfig.json). -For the server you _need_ the following: -- A new ssh private key. Generate one in the usual way using `ssh-keygen -f ssh_ca` - this is your CA signing key. At this time Cashier supports RSA and ECDSA keys. *Important* This key should be kept safe - _ANY_ ssh key signed with this key will be able to access your machines. +For the server you need the following: +- A new ssh private key. Generate one in the usual way using `ssh-keygen -f ssh_ca` - this is your CA signing key. At this time Cashier supports RSA and ECDSA keys. *Important* This key should be kept safe - *ANY* ssh key signed with this key will be able to access your machines. - Google OAuth credentials which you can generate at the [Google Developers Console](https://console.developers.google.com). You also need to set the callback URL here. @@ -98,5 +98,8 @@ The ssh server needs to trust the public part of the CA signing key. Add somethi TrustedUserCAKeys /etc/ssh/ca.pub ``` -Note: Cashier does not implement signing host keys at this time. +## Future Work +- Host certificates - only user certificates are supported at present. +- Record issued certs. +- Cert revocation - depends on recording issued certs. |
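Review bot: In the first hunk, the rewritten CA key bullet still tells the reader to run `ssh-keygen -f ssh_ca` with no key type, while the same sentence says Cashier supports only RSA and ECDSA keys. The command therefore depends on whatever the local ssh-keygen default is. Suggest giving the type explicitly in the example (`-t rsa` or `-t ecdsa`) so the generated CA key is always one the server can load. Since this line is being touched anyway, "should be kept safe" could also say what that means in practice, for example restricting read access on the `ssh_ca` private key file to the account that runs the server.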
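Review bot: In the second hunk, the new "Future Work" list replaces an explicit statement of a current limitation ("Cashier does not implement signing host keys at this time") with roadmap items, and two of those items ("Record issued certs" and "Cert revocation") read as features that are absent today. Someone following the `TrustedUserCAKeys /etc/ssh/ca.pub` step just above should be told that directly. Suggest keeping a short note on current limitations next to the sshd configuration, stating that issued certificates are not recorded and cannot be revoked at present, and leaving the list below it as the plan for addressing that.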