Fixing the readme file
committed by GitHub
parent c4ac824d67
commit 4bd7e38f1f
31
ReadMe.md
@@ -1,14 +1,17 @@
# Rotate all ssh keys on servers for certain users
- create new key with name scheme
This script is run locally on your operation Workstation.
These scripts are mainly destinated to rotate the SSH key, a set of scripts is for admin users, the other is for normal users.
- create new key with name scheme <<< to specify >>>
- copy to server to
- $ADMIN/.ssh (to be ended for admin user)
- $ADMIN/.ssh (this usage is to be ended for admin user, only if such key already exist)
- /etc/ssh/authorized_keys--master
- /etc/ssh/authorized_keys/$USER
Then remove old key
Store ssh key name for current period
Store ssh key name for current period in your `ssh-public-keys/admin-current/` folder
## Settings files
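Review bot: the added line "- create new key with name scheme <<< to specify >>>" leaves a placeholder in the published README; the key naming scheme should be written out (or the marker dropped) before this is merged, since the archive folder and the `ssh-public-keys/admin-current/` folder described below only make sense if operators can recognise the names. Two wording points in the same hunk: "destinated" should be "intended", and "$ADMIN/.ssh (this usage is to be ended for admin user, only if such key already exist)" mixes two statements; clearer as "copy to $ADMIN/.ssh only if a key already exists there (this location is being phased out for admin users)". Listing /etc/ssh/authorized_keys/$USER and /etc/ssh/authorized_keys--master as deployment targets without saying that the servers' sshd must be configured to read authorized keys from those paths is a documentation gap worth one sentence.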
@@ -20,29 +23,30 @@ key_age=90
server_list=server_list.csv
# if start with ~/ it will be replaced with $HOME
server_pem_folder=~/folder/to/admin/pems/
server_pem_archive_folder=~/tolder/for/archive/pems/
server_pem_archive_folder=~/folder/for/archive/pems/
```
- key_age is in days, default is 90
- server_lust is the file name where the servers and info is stored
- server_list is the file name where the servers and info is stored
- server_pem_folder is the location for the PEM files, eg in a ~/.ssh/ sub folder
- server_pem_archive_folder is thge location for the archive files, a sub folder will be created there
- server_pem_archive_folder is the location for the archive files, a sub folder will be created there
### server_list fiel
### server_list file
This file is semicolon ';' separated and not ',' as usual. The reason is that the authorization key settings block is comma separated
This file is not kept in the repository for security purpose. <<< to specify >>>
This file is semicolon ';' separated and not ',' as usual. The reason is that the authorization key settings block is comma separated.
- Sever: server name as to which to connect to
- Username: the username to use to connect
- Server: server name as to which to connect to
- Username: the username to use to connect (and actually rotate the key)
- Flag: currently not used
- Auth Key Settings: Optional settings block for the public key entry in the auth file
- Auth Key Settings: Optional settings block for the public key entry in the auth file (IP restriction, commands allowed, etc )
## Scripts
### `admin-rotate-ssh-keys.sh`
Will create a new key and deploy on the server and move the PEM part to the
local SSH folder
Will create a new key and deploy on the server and move the PEM part to the local SSH folder.
Folders are defined in the settings.ini
Must have -g flag set to run
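Review bot: "This file is not kept in the repository for security purpose. <<< to specify >>>" ships another placeholder; state how the file is excluded (the ignore rule, if there is one) and what a new operator should create instead, because a server_list.csv holding hostnames, usernames and per-key restrictions is exactly the file that must not be committed by accident. "Must have -g flag set to run" is added without saying what -g does; a one-line definition belongs beside it, or a pointer to the options list under "Options are". Minor: "Server: server name as to which to connect to" survives unchanged and would read better as "Server: host name to connect to".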
@@ -74,6 +78,7 @@ Options are
### `user-add-ssh-key.sh`
This script does not provide key, you need to provide a public key
Add a user public key to the admin user on a server
- -h override single host name
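Review bot: replacing "Add a user public key to the admin user on a server" with "This script does not provide key, you need to provide a public key" removes the only sentence that says what the script does; keep both, e.g. "Adds a user-supplied public key to the admin user on a server; the script does not generate keys, you must provide a public key." Also, -h is conventionally the help flag in shell tools, so "-h override single host name" will surprise users; if the script's option parsing already uses -h this way, say so explicitly next to the option, otherwise a different letter would be safer.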