sharkey
sharkey copied to clipboard
square
Sharkey is a service for managing certificates for use by OpenSSH
Bumps [github.com/bradleyfalzon/ghinstallation/v2](https://github.com/bradleyfalzon/ghinstallation) from 2.0.4 to 2.1.0. Release notes Sourced from github.com/bradleyfalzon/ghinstallation/v2's releases. v2.1.0 What's Changed Update go-github to v43 by @asvoboda in bradleyfalzon/ghinstallation#63 Respect the http.RoundTripper contract by @CAFxX in...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
#82 added additional endpoint, which is now covered by the `integration-test.sh` test script, but sharkey is lacking more Go HTTP tests.
- [ ] ROCA rsa keys - [ ] debian weak keys - [ ] too small keys (eg, 1024 bit rsa) - [ ] algorithm policy (eg, require ed25519)
In a nutshell this means that: 1. The client should be able to get its certs from the SPIFFE agent via the workload API and use it to connect to...
We use "ON DUPLICATE UPDATE" in the database tracking host key, and return the row ID. But that doesn't work if a host changes hostkey
Allow the client to include multiple alias hostnames in its enrollment request, where the additional hostnames are added as aliases in known_hosts output. This will be useful for multi-homed clients....
Build RPMs in Travis for CentOS 7 and possibly CentOS 6. - [x] Figure out the best way to install Go in CentOS as RPMs are only at 1.4.2 even...
We should have integration tests that grab various OpenSSH versions and run them in a docker container with Sharkey, to ensure we're compatible and our certs actually work
We should support - a known_hosts of registered hosts (what we have right now) - a known_hosts with the CAs used for all currently issued certs (today, we only support...
I wrote a design doc, which should be published in this repo (minus any proprietary stuff).