Added 2023q1 certificates.

diff --git a/doc.txt b/doc.txt
index e942f53ee9262c678d678b1f05a74a2ee5da7316..a18d86879a61f867511958f539a2debf98f953fb 100644 (file)
--- a/doc.txt
+++ b/doc.txt
@@ -12,7 +12,7 @@ user key generation:
 
 user key signing:
   ssh-keygen -I <certificate identity> \
-             -n <principals> \
+             [-n <principals>] \
              -s <user CA private key file> \
              -V <start YYYYMMDD[HHMM]:end YYYYMMDD[HHMM]> \
              [-z <serial number>] \
@@ -43,9 +43,11 @@ host CA setup (as root on ssh clients):
 host key signing (as root on ssh servers):
   ssh-keygen -h \
              -I <fqdn> \
-             -n <fqdn> \
+             [-n <fqdns>] \
              -s <host CA private key file> \
              /etc/ssh/ssh_host_ed25519_key.pub
+  where
+    fqdns: comma (and no space) separated target hosts
 
 host certificate setup (as root on ssh servers):
   echo "HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub" >/etc/ssh/sshd_config.d/99-host-cert.conf

diff --git a/fritter-cert.pub b/fritter-cert.pub
index c6b4c1f1969a4e8d19825ae3d9ac0383a3c08f55..7d85daf379f7e6a2b1c8fe3319d4e230f6a3922a 100644 (file)
--- a/fritter-cert.pub
+++ b/fritter-cert.pub
@@ -1 +1 @@
-ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIEmK+aQlZFLn2mCUjRAIFAO7hSVWHyWgZWqglco1QlSSAAAAIPAaO/dzM9k131thRHcVjqd8CTkjuKjCiB+S1WGE5gXAAAAAAAAAAAAAAAABAAAAB2ZyaXR0ZXIAAAATAAAAB2ZyaXR0ZXIAAAAEcm9vdAAAAABjN3TwAAAAAGPZnXAAAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAnH/111PHTVbW73hpsG3Z0SX2CCLc8SpoEZM5adJOq+QAAAFMAAAALc3NoLWVkMjU1MTkAAABAR68RXVdPDvOyutU2Wy2V//bYChLjVQiHSwTToArCSzFDEQF8+uJQhV+ViN+8PtGz5JubLerKj0MvpQR4KeJADg== fritter
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAILAR0mGa3VStGHu5HKE+xIgkX1IRbMGpn6zs7wMXLSjcAAAAIPAaO/dzM9k131thRHcVjqd8CTkjuKjCiB+S1WGE5gXAAAAAAAAAAAAAAAABAAAAB2ZyaXR0ZXIAAAATAAAAB2ZyaXR0ZXIAAAAEcm9vdAAAAABjsL7wAAAAAGRO8vAAAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAnH/111PHTVbW73hpsG3Z0SX2CCLc8SpoEZM5adJOq+QAAAFMAAAALc3NoLWVkMjU1MTkAAABAv2WWxkTsyXsYpPwg4z4OAyanTItS7iT/p4DZTOk7C3BGZB7wuDTE3qAjkyPVkROb8grqUSv3XnUCTidDn1CFDg== fritter

diff --git a/mszabo-cert.pub b/mszabo-cert.pub
index 8b3cac2e41a679c8b0834d700d1e44320eee23c9..508124d810af5ca9417ee48c1c90e4676308885e 100644 (file)
--- a/mszabo-cert.pub
+++ b/mszabo-cert.pub
@@ -1 +1 @@
-ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIKX87SOh2pp4BWyH8mpnhY8pAZBJ39sc2kVlhrjjEYFaAAAAIOZ2EkfObAMNmJA9LqC7M/ZXquYoZL/BUQjJRFHA9mq3AAAAAAAAAAAAAAABAAAABm1zemFibwAAABIAAAAGbXN6YWJvAAAABHJvb3QAAAAAYzd08AAAAABj2Z1wAAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgJx/9ddTx01W1u94abBt2dEl9ggi3PEqaBGTOWnSTqvkAAABTAAAAC3NzaC1lZDI1NTE5AAAAQH1sS9qxqkMFsB+OPfP7AzlNV4ee2uXvY57Chvhs2sN+p0K/Mj+c1Ewb7K/G4Ovcc5Q2wSRsVOsmjqjOvqxoQQA= mszabo
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIKev3N5BEoqzHuEZ0Ef8cqRRD0Bzul+bPieCCGlpuSWkAAAAIOZ2EkfObAMNmJA9LqC7M/ZXquYoZL/BUQjJRFHA9mq3AAAAAAAAAAAAAAABAAAABm1zemFibwAAABIAAAAGbXN6YWJvAAAABHJvb3QAAAAAY7C+8AAAAABkTvLwAAAAAAAAAIIAAAAVcGVybWl0LVgxMS1mb3J3YXJkaW5nAAAAAAAAABdwZXJtaXQtYWdlbnQtZm9yd2FyZGluZwAAAAAAAAAWcGVybWl0LXBvcnQtZm9yd2FyZGluZwAAAAAAAAAKcGVybWl0LXB0eQAAAAAAAAAOcGVybWl0LXVzZXItcmMAAAAAAAAAAAAAADMAAAALc3NoLWVkMjU1MTkAAAAgJx/9ddTx01W1u94abBt2dEl9ggi3PEqaBGTOWnSTqvkAAABTAAAAC3NzaC1lZDI1NTE5AAAAQGzCod4QDELf8VQgXP5sQTwiJz1u3ROoNjqUXvCGC0ltUe0hWLpRVzJVZmGDn4F7Va9V3YUjSIog5zLTioZkHwc= mszabo

diff --git a/scripts-cert.pub b/scripts-cert.pub
index ab67ef8a7788af1c61f0679e9a23ec0e88a734b9..7e8f4d0911a9fa7158eac70f0e9abf378366cdd3 100644 (file)
--- a/scripts-cert.pub
+++ b/scripts-cert.pub
@@ -1 +1 @@
-ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAINUVmhz1uvu1V2JjEFjSs7MLqkPe+syM/Ghek7EeV1cGAAAAIKi/tTFFqtdj0NgKdc3en1X10gD5x2ATTXMO3YhvuyRoAAAAAAAAAAAAAAABAAAAB3NjcmlwdHMAAAATAAAAB3NjcmlwdHMAAAAEcm9vdAAAAABjN3TwAAAAAGPZnXAAAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAnH/111PHTVbW73hpsG3Z0SX2CCLc8SpoEZM5adJOq+QAAAFMAAAALc3NoLWVkMjU1MTkAAABAg4lM3DHWPQ2j3IRg9f1Mpyfg7NP1LjhBvGENlffkYgVaosdtS8bzJs6u6HvbBm0DB2ev9eR60ia5mTsOrQMlBg== scripts
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIEWZvxaXeNiNQclEcTyk2c2Fufbo10beIAWulpsCULSNAAAAIKi/tTFFqtdj0NgKdc3en1X10gD5x2ATTXMO3YhvuyRoAAAAAAAAAAAAAAABAAAAB3NjcmlwdHMAAAATAAAAB3NjcmlwdHMAAAAEcm9vdAAAAABjsL7wAAAAAGRO8vAAAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAnH/111PHTVbW73hpsG3Z0SX2CCLc8SpoEZM5adJOq+QAAAFMAAAALc3NoLWVkMjU1MTkAAABANhV571S7J8WEoaDZNCpjzQuDVOG6ko2anK8U4ljpfuA6eHDGgOwL5sGQVf8wNxGFkITBFQpdKqgAyJFb8DYNCw== scripts

diff --git a/zfelleg b/zfelleg
index 48b7f1ae42d4532cc72d2a6d285cc71cab6ca9f2..881ea2d33efde6271c06c172252ed406b977906f 100644 (file)
--- a/zfelleg
+++ b/zfelleg
@@ -1,8 +1,8 @@
 -----BEGIN OPENSSH PRIVATE KEY-----
-b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABBBpr8rSr
-WllBB8lt8b3RvsAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAILRaOFNJvlYefDNQ
-KxyjQ/TAQknjtFywKZj67Hqs17LrAAAAkHTBv6IgoRx+JyVfEa6rDZzLplHSMltAZRdoix
-gepaQUDkqu7WiVOZJMPlscglDwXZE284kut63jAEAN1WMjJ050fya3rAejEg1jXVDHQzYq
-ucGYuvTiPSIxuqkiegmDxTk3E6O+5nkR6MtNTgO3vkvpR7fWtmo5TrYhDu6tw/Imbfwwd/
-Hg14cGBY7PVW3rhw==
+b3BlbnNzaC1rZXktdjEAAAAACmFlczI1Ni1jdHIAAAAGYmNyeXB0AAAAGAAAABCPJLSnyw
+nWN/L+8a7PgM9PAAAAEAAAAAEAAAAzAAAAC3NzaC1lZDI1NTE5AAAAILRaOFNJvlYefDNQ
+KxyjQ/TAQknjtFywKZj67Hqs17LrAAAAkBqhatm0GxqfGABpKfBcx8CggiLkq21AHvp6SO
+9x8PLEh7MOx3grD9s8Wfh38sy/m25Qg+eYwtzaDBa04hrPqGZi8Cew1PA9XZ1bNEREQ0wN
+SOH2svxJ/2JVFLgeo0EGVORrCRTm/TrknnpvGc4fW4x+7e0fi11BElsv4hFT0SsH5m62rb
+jSSehvTqVLrPKIYw==
 -----END OPENSSH PRIVATE KEY-----

diff --git a/zfelleg-cert.pub b/zfelleg-cert.pub
index dc86fc7fec91f493107bcbf223ce813ea3ae7507..31b942e1c94acd368445463299e6e52cb9aed5aa 100644 (file)
--- a/zfelleg-cert.pub
+++ b/zfelleg-cert.pub
@@ -1 +1 @@
-ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIK1xk2Kr5H9WBB4PF4Q6xH4d5Slhhqz9l+oCvCWjtHk0AAAAILRaOFNJvlYefDNQKxyjQ/TAQknjtFywKZj67Hqs17LrAAAAAAAAAAAAAAABAAAAB3pmZWxsZWcAAAATAAAAB3pmZWxsZWcAAAAEcm9vdAAAAABjN3TwAAAAAGPZnXAAAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAnH/111PHTVbW73hpsG3Z0SX2CCLc8SpoEZM5adJOq+QAAAFMAAAALc3NoLWVkMjU1MTkAAABAZh57Y56T3WIoPfAuq6A0SUKHtBpIC1zcQQySWr1nqFj86y6otag9Xp1wa/4glUwIbsDoJEa+PKlibqedQmmNDA== zfelleg
+ssh-ed25519-cert-v01@openssh.com AAAAIHNzaC1lZDI1NTE5LWNlcnQtdjAxQG9wZW5zc2guY29tAAAAIJx+VRgUSLSKeKol/7p+1Vvw001bzYyl2gfgmlwizKHnAAAAILRaOFNJvlYefDNQKxyjQ/TAQknjtFywKZj67Hqs17LrAAAAAAAAAAAAAAABAAAAB3pmZWxsZWcAAAATAAAAB3pmZWxsZWcAAAAEcm9vdAAAAABjsL7wAAAAAGRO8vAAAAAAAAAAggAAABVwZXJtaXQtWDExLWZvcndhcmRpbmcAAAAAAAAAF3Blcm1pdC1hZ2VudC1mb3J3YXJkaW5nAAAAAAAAABZwZXJtaXQtcG9ydC1mb3J3YXJkaW5nAAAAAAAAAApwZXJtaXQtcHR5AAAAAAAAAA5wZXJtaXQtdXNlci1yYwAAAAAAAAAAAAAAMwAAAAtzc2gtZWQyNTUxOQAAACAnH/111PHTVbW73hpsG3Z0SX2CCLc8SpoEZM5adJOq+QAAAFMAAAALc3NoLWVkMjU1MTkAAABA8Szn7Wz75ahBxohKmpyeY3X9bDzSrlGUd8oPps5sS156dp9Wyi6grgPTAdiN+NJKOF+5WZxx/l/itLtvS+ZPDQ== zfelleg