diff --git a/ReadMe.md b/ReadMe.md index a6cc530..26866f1 100644 --- a/ReadMe.md +++ b/ReadMe.md @@ -13,14 +13,16 @@ These scripts are mainly destinated to rotate the SSH key, a set of scripts is f - /etc/ssh/authorized_keys--master - /etc/ssh/authorized_keys/$USER -Then remove old key +Then remove old key (with the remove script) -Store ssh key name for current period in your `ssh-public-keys/admin-current/` folder +Stores the public ssh key name for current period in the local `ssh-public-keys/admin-current/` folder ## Settings files ### `settings.ini` +Sample file: `settings.sample.ini` + ```ini [Settings] key_age=90 @@ -35,7 +37,9 @@ server_pem_archive_folder=~/folder/for/archive/pems/ - server_pem_folder is the location for the PEM files, eg in a ~/.ssh/ sub folder - server_pem_archive_folder is the location for the archive files, a sub folder will be created there -### server_list file +### `server_list.csv` file + +Sample file: `server_list.sample.csv` This file is not kept in the repository for security purpose. <<< to specify 
>>> @@ -50,15 +54,17 @@ This file is semicolon ';' separated and not ',' as usual. The reason is that th ### `admin-rotate-ssh-keys.sh` -Will create a new key and deploy on the server and move the PEM part to the local SSH folder. +Will create a new key and deploy on the server and move the PEM part to the local SSH folder as defined in the `settings.ini` file `server_pem_folder` config setting and store the public keys in the `ssh-public-keys/admin-current` . -Folders are defined in the settings.ini +Previous keys are moved to the`server_pem_archive_folder` + +The old public keys are moved to the `ssh-public-keys/admin-previous` folder Must have -g flag set to run ### `admin-remove-old-ssh-keys.sh` -Will check in the previous ssh public key folder and remove this entry from the remote server +Will check in the previous ssh public key folder `ssh-public-keys/admin-previous` and remove this entry from the remote server Must have -g flag set to run @@ -84,7 +90,9 @@ Options are ### `user-add-ssh-key.sh` -This script does not provide key, you need to provide a public key +This script does not create a new private/public key set, you need to provide a public key + +The public key must be put into the `ssh-public-keys/user-current` folder Add a user public key to the admin user on a server @@ -96,6 +104,8 @@ Add a user public key to the admin user on a server ### `user-remove-ssh-key.sh` +To removed public keys must be located in the `ssh-public-keys/user-previous` folder + Remove a user public key from the admin user on a server - -h override single host name diff --git a/config/.gitignore b/config/.gitignore index 4eeca2f..cecf739 100644 --- a/config/.gitignore +++ b/config/.gitignore @@ -1,3 +1,4 @@ * !.gitignore !settings.sample.ini +!server_list.sample.csv diff --git a/config/server_list.sample.csv b/config/server_list.sample.csv new file mode 100644 index 0000000..f7b60fd --- /dev/null +++ b/config/server_list.sample.csv 
@@ -0,0 +1,2 @@ +Server,Username,Flag,Auth Key Settings +server ssh connect name,ssh connect admin name,NOT USED,ssh authorized file settings string
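Review bot: the `<<< to specify >>>` placeholder in the context line `This file is not kept in the repository for security purpose. <<< to specify >>>` is left unresolved right after the new `### \`server_list.csv\` file` heading and `Sample file: \`server_list.sample.csv\`` line in the first ReadMe hunk; since this change introduces the sample file, this is the place to describe what a real row contains (host, admin user, authorized_keys options) and drop the marker, otherwise the section still reads as unfinished.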
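Review bot: formatting and wording in the `admin-rotate-ssh-keys.sh` hunk: `Previous keys are moved to the\`server_pem_archive_folder\`` is missing the space before the backtick and a closing period, and `\`ssh-public-keys/admin-current\` .` has a stray space before the period. The same added line is ambiguous about which keys it means, since the next line talks about `The old public keys`; suggest "Previous private keys (PEM files) are moved to the `server_pem_archive_folder`." so the reader can tell that the archive folder holds retired private keys and `ssh-public-keys/admin-previous` holds the matching public keys.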
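Review bot: grammar in the added line of the `user-remove-ssh-key.sh` hunk, `To removed public keys must be located in the \`ssh-public-keys/user-previous\` folder`: suggest "Public keys to be removed must be located in the `ssh-public-keys/user-previous` folder." and end the sentence with a period, matching the wording of the parallel line added for `user-add-ssh-key.sh`.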
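Review bot: delimiter mismatch in the new `config/server_list.sample.csv`: the header `Server,Username,Flag,Auth Key Settings` and the description row are comma-separated, while the ReadMe context in this same patch states `This file is semicolon ';' separated and not ',' as usual`. A user copying this sample will produce a file the scripts cannot parse as documented, and the last column (an authorized_keys options string) may itself contain commas; use `;` between columns in the sample. Also, the `Flag` column documented only as `NOT USED` should say what it is reserved for or be dropped, and a second row with placeholder values (e.g. `host.example.com;admin;;`) would show the expected shape better than a row of column descriptions.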