Updated doc.txt and updatecerts.sh (added AuthorizedPrincipalsFile).
authorZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Wed, 26 Mar 2025 16:56:25 +0000 (17:56 +0100)
committerZoltán Felleg <zoltan.felleg@userrendszerhaz.hu>
Wed, 26 Mar 2025 16:56:25 +0000 (17:56 +0100)
doc.txt
updatecerts.sh

diff --git a/doc.txt b/doc.txt
index a18d86879a61f867511958f539a2debf98f953fb..ebb1d034838de2f08674eb80bd322613ccaf7edb 100644 (file)
--- a/doc.txt
+++ b/doc.txt
@@ -4,6 +4,12 @@ user CA generation:
 user CA setup (as root on ssh servers):
   cat user-CA.pub >>/etc/ssh/trusted-user-ca.keys
   echo "TrustedUserCAKeys /etc/ssh/trusted-user-ca.keys" >/etc/ssh/sshd_config.d/99-user-CA.conf
+  >/etc/ssh/authorized-principals.root
+  echo "fritter" >>/etc/ssh/authorized-principals.root
+  echo "mszabo" >>/etc/ssh/authorized-principals.root
+  echo "scripts" >>/etc/ssh/authorized-principals.root
+  echo "zfelleg" >>/etc/ssh/authorized-principals.root
+  echo "AuthorizedPrincipalsFile /etc/ssh/authorized-principals.%u" >/etc/ssh/sshd_config.d/99-principals-file.conf
 
 user key generation:
   ssh-keygen -t ed25519 -C <key comment> -f <key file>
index 840f886553f9675f68b2f8efc8f1ce7486ab9791..81700734bba6901f83f7b2113c6d57a12115b579 100755 (executable)
@@ -25,7 +25,7 @@ case "$CERT_QUARTER" in
         CERT_END_YYYYMMDD="${CERT_YEAR}0501"
         ;;
     "2")
-        # apr 1 - jul 30
+        # apr 1 - jul 31
         CERT_START_YYYYMMDD="${CERT_YEAR}0401"
         CERT_END_YYYYMMDD="${CERT_YEAR}0801"
         ;;
@@ -48,8 +48,8 @@ esac
 
 for CERT_NAME in fritter mszabo scripts zfelleg
 do
-    ssh-keygen -I $CERT_NAME \
-               -n "${CERT_NAME},root" \
+    ssh-keygen -I ${CERT_NAME}-$CERT_YEAR_QUARTER \
+               -n "$CERT_NAME" \
                -s user-CA \
                -V ${CERT_START_YYYYMMDD}:$CERT_END_YYYYMMDD \
                ${CERT_NAME}.pub
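Review bot: The new `-I ${CERT_NAME}-$CERT_YEAR_QUARTER` argument is unquoted, as are the `-V` and `.pub` operands below it, and `CERT_YEAR_QUARTER` is not assigned anywhere in the visible hunks, so an unset or empty value silently produces a certificate ID of just `fritter-` rather than an error; if it is defined earlier in the script this reduces to a quoting point. I would write `ssh-keygen -I "${CERT_NAME}-${CERT_YEAR_QUARTER}" \`, `-V "${CERT_START_YYYYMMDD}:${CERT_END_YYYYMMDD}" \` and `"${CERT_NAME}.pub"`, and add `: "${CERT_YEAR_QUARTER:?}"` before the loop if the value comes from the environment. Dropping `root` from `-n` means these certificates grant root login only on hosts where `/etc/ssh/authorized-principals.root` and the `AuthorizedPrincipalsFile` directive from the doc.txt hunk are already deployed, which deserves a comment above the loop such as `# root access comes from AuthorizedPrincipalsFile on the servers, not from a root principal in the cert`. The `for` loop's `done` lies outside the hunk.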