changeset 167:88ed01a1094f

SSH Certificate signing
author Steve Huston <huston@astro.princeton.edu>
date Thu, 25 Oct 2018 11:06:32 -0400
parents d7cd94900d0e
children 282c9df47923
files .bash_aliases
diffstat 1 files changed, 12 insertions(+), 0 deletions(-) [+]
--- a/.bash_aliases	Sun Oct 21 20:53:14 2018 -0400
+++ b/.bash_aliases	Thu Oct 25 11:06:32 2018 -0400
@@ -70,6 +70,18 @@
 }
 alias x='ssh xanadu.astro.princeton.edu'
 
+# SSH key signing with Vault for administration
+cert() {
+  export VAULT_ADDR='https://ajax.rc.princeton.edu:8200'
+  ssh-add -d $HOME/.ssh/picscie.pvt-cert.pub > /dev/null 2>&1
+  if vault login -method=radius username=vi-srh; then
+    vault write -field=signed_key ssh-client-signer/sign/root public_key=@$HOME/.ssh/picscie.pub > $HOME/.ssh/picscie.pvt-cert.pub
+    ssh-add $HOME/.ssh/picscie.pvt
+  else
+    echo Failed to login to vault, aborting
+  fi
+}
+
 # Proxying/tunneling - predominantly for my Mac laptop
 proxy() {
   PROXY_HOST=csesbh.princeton.edu
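Review bot: The exit status of `vault write` in cert() is never checked, and the `>` redirect truncates `picscie.pvt-cert.pub` before Vault answers, so a denied or failed signing request leaves an empty certificate file while `ssh-add` still loads the key as if signing had worked. The login-failure branch also prints to stdout and falls through with status 0, so a caller cannot tell that no certificate was issued. I would write the signed key to a temporary file in the same directory, move it into place only on success, return non-zero on both failure paths, and quote the `$HOME` paths. Separately, `export VAULT_ADDR` inside the function changes the interactive shell's environment for every later `vault` call; confirm that this is intended rather than a side effect of the helper.

```shell
cert() {
  # … unchanged: VAULT_ADDR export …
  local key="$HOME/.ssh/picscie.pvt"
  local cert="$HOME/.ssh/picscie.pvt-cert.pub"
  local tmp

  ssh-add -d "$cert" > /dev/null 2>&1
  if ! vault login -method=radius username=vi-srh; then
    echo 'Failed to login to vault, aborting' >&2
    return 1
  fi

  # Stage the certificate so a failed request never clobbers the old one.
  tmp=$(mktemp "$cert.XXXXXX") || return 1
  if ! vault write -field=signed_key ssh-client-signer/sign/root \
      public_key=@"$HOME/.ssh/picscie.pub" > "$tmp"; then
    rm -f -- "$tmp"
    echo 'Vault did not return a signed key, aborting' >&2
    return 1
  fi
  mv -- "$tmp" "$cert"
  ssh-add "$key"
}
```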