From 11e5eaa60c530a4c9a3cc66e09189c6c2eeb6278 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Zolt=C3=A1n=20Felleg?= Date: Wed, 26 Mar 2025 17:56:25 +0100 Subject: [PATCH] Updated doc.txt and updatecerts.sh (added AuthorizedPrincipalsFile). --- doc.txt | 6 ++++++ updatecerts.sh | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/doc.txt b/doc.txt index a18d868..ebb1d03 100644 --- a/doc.txt +++ b/doc.txt @@ -4,6 +4,12 @@ user CA generation: user CA setup (as root on ssh servers): cat user-CA.pub >>/etc/ssh/trusted-user-ca.keys echo "TrustedUserCAKeys /etc/ssh/trusted-user-ca.keys" >/etc/ssh/sshd_config.d/99-user-CA.conf + >/etc/ssh/authorized-principals.root + echo "fritter" >>/etc/ssh/authorized-principals.root + echo "mszabo" >>/etc/ssh/authorized-principals.root + echo "scripts" >>/etc/ssh/authorized-principals.root + echo "zfelleg" >>/etc/ssh/authorized-principals.root + echo "AuthorizedPrincipalsFile /etc/ssh/authorized-principals.%u" >/etc/ssh/sshd_config.d/99-principals-file.conf user key generation: ssh-keygen -t ed25519 -C -f diff --git a/updatecerts.sh b/updatecerts.sh index 840f886..8170073 100755 --- a/updatecerts.sh +++ b/updatecerts.sh @@ -25,7 +25,7 @@ case "$CERT_QUARTER" in CERT_END_YYYYMMDD="${CERT_YEAR}0501" ;; "2") - # apr 1 - jul 30 + # apr 1 - jul 31 CERT_START_YYYYMMDD="${CERT_YEAR}0401" CERT_END_YYYYMMDD="${CERT_YEAR}0801" ;; @@ -48,8 +48,8 @@ esac for CERT_NAME in fritter mszabo scripts zfelleg do - ssh-keygen -I $CERT_NAME \ - -n "${CERT_NAME},root" \ + ssh-keygen -I ${CERT_NAME}-$CERT_YEAR_QUARTER \ + -n "$CERT_NAME" \ -s user-CA \ -V ${CERT_START_YYYYMMDD}:$CERT_END_YYYYMMDD \ ${CERT_NAME}.pub -- 2.54.0
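Review bot: `$CERT_YEAR_QUARTER` in the new `-I` argument of the last updatecerts.sh hunk is not assigned in any visible hunk (only `CERT_YEAR` and `CERT_QUARTER` appear), so if it is not set earlier in the script every certificate gets the key ID `name-` with no period in it. The key ID is what sshd records in its log when a certificate is accepted, so the script should fail loudly rather than sign with an empty suffix: `ssh-keygen -I "${CERT_NAME}-${CERT_YEAR_QUARTER:?}" \`, which also quotes the expansion. With `root` dropped from `-n`, root access now depends entirely on the server-side principals file. Certificates already issued with the `root` principal remain usable on hosts that lack that file until they expire, and the commit does not say whether they are being revoked. The `for` loop's closing `done` is outside the hunk.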