```go
// get a reference to the configured CA
appModule, err := ctx.App("pki")
if err != nil {
	return err
}
pkiApp := appModule.(*caddypki.PKI)
ca, err := pkiApp.GetCA(ctx, ash.CA)
if err != nil {
	return err
}
```
Then from there we'd need to adjust `caddypki.CA.NewAuthority()` to support configuring the CA for SSH use, i.e. by adding `authority.WithSSH*()` options, then we can call `authority.SignSSH` and spit out the result to whoever needs it. When you need to do auth for a new connection, I think we can call `authority.GetSSHRoots()` then validate it with `x/crypto/ssh` as you normally would (not sure how SSH key verification would work, haven't dug into how caddy-ssh does that yet).
I am especially interested in ensuring that revocation works as expected. Of real interest would be seeing if we can boot/force logout any sessions users are logged into already at time of revocation.
See:
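A sketch of the revocation behaviour asked about above, added here as an example and not taken from the issue, Caddy, or caddy-ssh: live sessions are tracked per certificate serial so that revoking a serial closes its open sessions and refuses new ones. The names `Registry`, `Admit`, `Revoke` and `ErrRevoked`, and keying by serial, are assumptions; `net.Pipe` stands in for an SSH connection.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"sync"
)

var ErrRevoked = errors.New("certificate serial revoked")

// Registry is a hypothetical tracker of live sessions per certificate serial.
type Registry struct {
	mu      sync.Mutex
	revoked map[uint64]bool
	live    map[uint64][]net.Conn
}

func NewRegistry() *Registry {
	return &Registry{revoked: map[uint64]bool{}, live: map[uint64][]net.Conn{}}
}

// Admit runs after the certificate has validated; revoked serials are refused.
func (r *Registry) Admit(serial uint64, c net.Conn) error {
	r.mu.Lock()
	defer r.mu.Unlock()
	if r.revoked[serial] {
		return ErrRevoked
	}
	r.live[serial] = append(r.live[serial], c)
	return nil
}

// Revoke marks the serial and closes its sessions; it returns how many it closed.
func (r *Registry) Revoke(serial uint64) int {
	r.mu.Lock() // same lock as Admit: no session can register mid-revocation
	conns := r.live[serial]
	r.revoked[serial] = true
	delete(r.live, serial)
	r.mu.Unlock()
	for _, c := range conns {
		c.Close()
	}
	return len(conns)
}

func main() {
	reg := NewRegistry()
	server, _ := net.Pipe() // constructed stand-in for an SSH connection
	fmt.Println(reg.Admit(42, server), reg.Revoke(42), reg.Admit(42, server))
}
```

Marking the serial revoked and snapshotting its sessions under the one mutex is what keeps a connection from being admitted between the two steps.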