Add a sample for doing SSH CA

This will explore the concept for the backend of the get certificate api.
2025-02-28 08:11:45 +00:00 · 2020-03-06 13:43:54 -05:00 · 2020-03-06 13:43:54 -05:00 · 34f2f6e359
commit 34f2f6e359
parent 7fe47baab3
1 changed files with 23 additions and 0 deletions
--- a/misc/sshca.py
+++ b/misc/sshca.py
@ -0,0 +1,23 @@
+#!/usr/bin/python
+
+import confluent.collective.manager as collective
+import eventlet.green.subprocess as subprocess
+import os
+
+def initialize_ca():
+    try:
+        os.makedirs('/etc/confluent/ssh', mode=0o600)
+    except OSError as e:
+        if e.errno != 17:
+            raise
+    caname = '{0} SSH CA'.format(collective.get_myname())
+    subprocess.check_call(['ssh-keygen', '-C', caname, '-t', 'ecdsa', '-f', '/etc/confluent/ssh/ca', '-N', ''])
+
+
+def ca_exists():
+    return os.path.exists('/etc/confluent/ssh/ca')
+
+
+if __name__ == '__main__':
+    if not ca_exists():
+        initialize_ca()