Update readme file, add server list sample file
24
ReadMe.md
@@ -13,14 +13,16 @@ These scripts are mainly destinated to rotate the SSH key, a set of scripts is f
|
||||
- /etc/ssh/authorized_keys--master
|
||||
- /etc/ssh/authorized_keys/$USER
|
||||
|
||||
Then remove old key
|
||||
Then remove old key (with the remove script)
|
||||
|
||||
Store ssh key name for current period in your `ssh-public-keys/admin-current/` folder
|
||||
Stores the public ssh key name for current period in the local `ssh-public-keys/admin-current/` folder
|
||||
|
||||
## Settings files
|
||||
|
||||
### `settings.ini`
|
||||
|
||||
Sample file: `settings.sample.ini`
|
||||
|
||||
```ini
|
||||
[Settings]
|
||||
key_age=90
|
||||
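Review bot: "Then remove old key (with the remove script)" does not say which script is meant, and this ReadMe documents both `admin-remove-old-ssh-keys.sh` and `user-remove-ssh-key.sh`. Name the script in the parenthesis so the rotation steps can be followed without reading further down.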
@@ -35,7 +37,9 @@ server_pem_archive_folder=~/folder/for/archive/pems/
|
||||
- server_pem_folder is the location for the PEM files, eg in a ~/.ssh/ sub folder
|
||||
- server_pem_archive_folder is the location for the archive files, a sub folder will be created there
|
||||
|
||||
### server_list file
|
||||
### `server_list.csv` file
|
||||
|
||||
Sample file: `server_list.sample.csv`
|
||||
|
||||
This file is not kept in the repository for security purpose. <<< to specify >>>
|
||||
|
||||
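Review bot: The line directly under the new "Sample file: `server_list.sample.csv`" still ends with the placeholder "<<< to specify >>>". Now that this section points readers at a sample file, finish that sentence (say what in the real server list is sensitive) or drop the placeholder before merging.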
@@ -50,15 +54,17 @@ This file is semicolon ';' separated and not ',' as usual. The reason is that th
|
||||
|
||||
### `admin-rotate-ssh-keys.sh`
|
||||
|
||||
Will create a new key and deploy on the server and move the PEM part to the local SSH folder.
|
||||
Will create a new key and deploy on the server and move the PEM part to the local SSH folder as defined in the `settings.ini` file `server_pem_folder` config setting and store the public keys in the `ssh-public-keys/admin-current` .
|
||||
|
||||
Folders are defined in the settings.ini
|
||||
Previous keys are moved to the`server_pem_archive_folder`
|
||||
|
||||
The old public keys are moved to the `ssh-public-keys/admin-previous` folder
|
||||
|
||||
Must have -g flag set to run
|
||||
|
||||
### `admin-remove-old-ssh-keys.sh`
|
||||
|
||||
Will check in the previous ssh public key folder and remove this entry from the remote server
|
||||
Will check in the previous ssh public key folder `ssh-public-keys/admin-previous` and remove this entry from the remote server
|
||||
|
||||
Must have -g flag set to run
|
||||
|
||||
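Review bot: The rewritten `admin-rotate-ssh-keys.sh` description is a single run-on sentence that ends with a stray space before the full stop ("`ssh-public-keys/admin-current` ."), and "to the`server_pem_archive_folder`" is missing a space before the backtick. Split it into one sentence for the PEM destination (`server_pem_folder`) and one for the public key folder; "Folders are defined in the settings.ini" then repeats the new sentence and could be dropped.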
@@ -84,7 +90,9 @@ Options are
|
||||
|
||||
### `user-add-ssh-key.sh`
|
||||
|
||||
This script does not provide key, you need to provide a public key
|
||||
This script does not create a new private/public key set, you need to provide a public key
|
||||
|
||||
The public key must be put into the `ssh-public-keys/user-current` folder
|
||||
|
||||
Add a user public key to the admin user on a server
|
||||
|
||||
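Review bot: In the `user-add-ssh-key.sh` section the two prerequisite lines now sit above the one-line summary "Add a user public key to the admin user on a server". Put the summary first and the prerequisites after it, so the section opens with what the script does, as the other script sections do.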
@@ -96,6 +104,8 @@ Add a user public key to the admin user on a server
|
||||
|
||||
### `user-remove-ssh-key.sh`
|
||||
|
||||
To removed public keys must be located in the `ssh-public-keys/user-previous` folder
|
||||
|
||||
Remove a user public key from the admin user on a server
|
||||
|
||||
- -h override single host name
|
||||
|
||||
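Review bot: The added line "To removed public keys must be located in the `ssh-public-keys/user-previous` folder" is ungrammatical. Suggest "The public keys to remove must be located in the `ssh-public-keys/user-previous` folder", and place it after the summary line "Remove a user public key from the admin user on a server".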
1
config/.gitignore
vendored
@@ -1,3 +1,4 @@
|
||||
*
|
||||
!.gitignore
|
||||
!settings.sample.ini
|
||||
!server_list.sample.csv
|
||||
|
||||
2
config/server_list.sample.csv
Normal file
@@ -0,0 +1,2 @@
|
||||
Server,Username,Flag,Auth Key Settings
|
||||
server ssh connect name,ssh connect admin name,NOT USED,ssh authorized file settings string
|
||||
|
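Review bot: The sample header and row are comma separated ("Server,Username,Flag,Auth Key Settings"), but the ReadMe context in this same commit states "This file is semicolon ';' separated and not ',' as usual". Use ';' in `server_list.sample.csv` so the sample matches the documented format, since a copy of it is the obvious starting point for the real file.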