this post was submitted on 27 Oct 2023

Self-Hosted Main

I followed these instructions: https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/

The only change I made to these instructions is that I added --ssh to the ca init configuration to add SSH support.

When I attempt to run step-ca I get this error:

sudo -u step step-ca /etc/step-ca/config/ca.json

error reading templates/ssh/config.tpl: stat /home/step/.step/templates/ssh/config.tpl: no such file or directory

I'm sure this error is related to the SSH config. I'm not sure what part of the setup I'm missing here. Does anyone have any idea? I've never deployed step-ca before.

/etc/step-ca/config/ca.json

{
	"root": "/etc/step-ca/certs/root_ca.crt",
	"federatedRoots": null,
	"crt": "/etc/step-ca/certs/intermediate_ca.crt",
	"key": "yubikey:slot-id=9c",
	"kms": {
		"type": "yubikey",
		"pin": "000000"
	},
	"address": ":443",
	"insecureAddress": "",
	"dnsNames": [
		"tinyca.internal",
		"192.168.4.44"
	],
	"ssh": {
		"hostKey": "/etc/step-ca/secrets/ssh_host_ca_key",
		"userKey": "/etc/step-ca/secrets/ssh_user_ca_key"
	},
	"logger": {
		"format": "text"
	},
	"db": {
		"type": "badgerv2",
		"dataSource": "/etc/step-ca/db",
		"badgerFileLoadingMode": ""
	},
	"authority": {
		"enableAdmin": true
	},
	"tls": {
		"cipherSuites": [
			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
		],
		"minVersion": 1.2,
		"maxVersion": 1.3,
		"renegotiation": false
	},
	"templates": {
		"ssh": {
			"user": [
				{
					"name": "config.tpl",
					"type": "snippet",
					"template": "templates/ssh/config.tpl",
					"path": "~/.ssh/config",
					"comment": "#"
				},
				{
					"name": "step_includes.tpl",
					"type": "prepend-line",
					"template": "templates/ssh/step_includes.tpl",
					"path": "${STEPPATH}/ssh/includes",
					"comment": "#"
				},
				{
					"name": "step_config.tpl",
					"type": "file",
					"template": "templates/ssh/step_config.tpl",
					"path": "ssh/config",
					"comment": "#"
				},
				{
					"name": "known_hosts.tpl",
					"type": "file",
					"template": "templates/ssh/known_hosts.tpl",
					"path": "ssh/known_hosts",
					"comment": "#"
				}
			],
			"host": [
				{
					"name": "sshd_config.tpl",
					"type": "snippet",
					"template": "templates/ssh/sshd_config.tpl",
					"path": "/etc/ssh/sshd_config",
					"comment": "#",
					"requires": [
						"Certificate",
						"Key"
					]
				},
				{
					"name": "ca.tpl",
					"type": "snippet",
					"template": "templates/ssh/ca.tpl",
					"path": "/etc/ssh/ca.pub",
					"comment": "#"
				}
			]
		}
	}
}
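The path in the error is the clue: step-ca resolves relative "template" entries in ca.json against STEPPATH (the directory `step path` prints), and a process started with `sudo -u step` gets the step user's default of /home/step/.step rather than the /etc/step-ca the CA was initialised under. The script below is an added example, not code from the post or from smallstep: it pulls every template path out of a ca.json with grep/sed (no jq, so it runs on a bare Raspberry Pi) and reports which ones are missing under a given STEPPATH, then reproduces the failure with the wrong STEPPATH and the pass with the right one on a constructed copy of the config's templates section. Running the CA as `sudo -u step env STEPPATH=/etc/step-ca step-ca /etc/step-ca/config/ca.json` is the assumed fix that follows from it; the paths and the trimmed ca.json fragment are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post or from smallstep).
# Checks that every relative "template" path in a step-ca ca.json exists
# under a given STEPPATH, which is where step-ca looks for them at start-up.
# Requires only POSIX sh, grep and sed.

# list_templates CONFIG
# Print every "template": "<path>" value in CONFIG, one per line.
list_templates() {
    grep -o '"template":[[:space:]]*"[^"]*"' "$1" | sed 's/.*"\([^"]*\)"$/\1/'
}

# check_templates CONFIG STEPPATH
# Returns 0 when every template resolves to an existing file, 1 otherwise
# (missing files are listed on stderr). Absolute paths are used as-is;
# relative ones are joined to STEPPATH, mirroring step-ca's lookup.
check_templates() {
    missing=$(list_templates "$1" | while IFS= read -r t; do
        case $t in
            /*) f=$t ;;
            *)  f=$2/$t ;;
        esac
        [ -f "$f" ] || echo "$f"
    done)
    if [ -n "$missing" ]; then
        printf 'missing template(s) under STEPPATH=%s:\n%s\n' "$2" "$missing" >&2
        return 1
    fi
    return 0
}

# demo: reproduce the post's failure (wrong STEPPATH) and the fix (right one)
# on a throwaway directory tree. Returns 0 when both behave as expected.
demo() {
    tmp=$(mktemp -d)
    ca=$tmp/etc/step-ca                 # constructed stand-in for /etc/step-ca
    home=$tmp/home/step/.step           # constructed stand-in for the step user's default
    mkdir -p "$ca/config" "$ca/templates/ssh" "$home"
    # Constructed fragment of ca.json, trimmed to the fields this check reads.
    cat > "$ca/config/ca.json" <<'EOF'
{
  "templates": {
    "ssh": {
      "user": [
        {"name": "config.tpl", "template": "templates/ssh/config.tpl"},
        {"name": "known_hosts.tpl", "template": "templates/ssh/known_hosts.tpl"}
      ],
      "host": [
        {"name": "sshd_config.tpl", "template": "templates/ssh/sshd_config.tpl"}
      ]
    }
  }
}
EOF
    for name in config known_hosts sshd_config; do
        : > "$ca/templates/ssh/$name.tpl"
    done

    # What `sudo -u step step-ca ...` sees by default: templates are not here.
    if check_templates "$ca/config/ca.json" "$home" 2>/dev/null; then
        echo "unexpected: templates resolved under the wrong STEPPATH" >&2
        rm -rf "$tmp"
        return 2
    fi
    # With STEPPATH pointing at the CA directory every template resolves.
    if ! check_templates "$ca/config/ca.json" "$ca"; then
        rm -rf "$tmp"
        return 3
    fi
    rm -rf "$tmp"
    return 0
}
```

Run `check_templates /etc/step-ca/config/ca.json /etc/step-ca` on the real box before starting the CA; if it passes there but step-ca still reports the /home/step/.step path, the environment handed to step-ca is the problem, not the files, and setting STEPPATH for the service (on the command line as above, or as Environment=STEPPATH=/etc/step-ca in a systemd unit) is what needs fixing.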