pewpewdev


You should take a look at mailrise. It's apprise with email support. I have been using it for a while now and it works perfectly.

 

I followed these instructions: https://smallstep.com/blog/build-a-tiny-ca-with-raspberry-pi-yubikey/

The only change I made to these instructions is that I added --ssh to the CA init command to add SSH support.

When I attempt to run step-ca, I get this error:

sudo -u step step-ca /etc/step-ca/config/ca.json

error reading templates/ssh/config.tpl: stat /home/step/.step/templates/ssh/config.tpl: no such file or directory

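I'm sure this error is related to the SSH config, but I'm not sure what part of the setup I'm missing here. The path in the error is under /home/step/.step, while the config file, certificates and keys are all under /etc/step-ca. Does anyone have any idea? I've never deployed step-ca before.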

/etc/step-ca/config/ca.json

{
	"root": "/etc/step-ca/certs/root_ca.crt",
	"federatedRoots": null,
	"crt": "/etc/step-ca/certs/intermediate_ca.crt",
	"key": "yubikey:slot-id=9c",
        "kms": {
            "type": "yubikey",
            "pin": "000000"
        },
	"address": ":443",
	"insecureAddress": "",
	"dnsNames": [
		"tinyca.internal",
		"192.168.4.44"
	],
	"ssh": {
		"hostKey": "/etc/step-ca/secrets/ssh_host_ca_key",
		"userKey": "/etc/step-ca/secrets/ssh_user_ca_key"
	},
	"logger": {
		"format": "text"
	},
	"db": {
		"type": "badgerv2",
		"dataSource": "/etc/step-ca/db",
		"badgerFileLoadingMode": ""
	},
	"authority": {
		"enableAdmin": true
	},
	"tls": {
		"cipherSuites": [
			"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
			"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
		],
		"minVersion": 1.2,
		"maxVersion": 1.3,
		"renegotiation": false
	},
	"templates": {
		"ssh": {
			"user": [
				{
					"name": "config.tpl",
					"type": "snippet",
					"template": "templates/ssh/config.tpl",
					"path": "~/.ssh/config",
					"comment": "#"
				},
				{
					"name": "step_includes.tpl",
					"type": "prepend-line",
					"template": "templates/ssh/step_includes.tpl",
					"path": "${STEPPATH}/ssh/includes",
					"comment": "#"
				},
				{
					"name": "step_config.tpl",
					"type": "file",
					"template": "templates/ssh/step_config.tpl",
					"path": "ssh/config",
					"comment": "#"
				},
				{
					"name": "known_hosts.tpl",
					"type": "file",
					"template": "templates/ssh/known_hosts.tpl",
					"path": "ssh/known_hosts",
					"comment": "#"
				}
			],
			"host": [
				{
					"name": "sshd_config.tpl",
					"type": "snippet",
					"template": "templates/ssh/sshd_config.tpl",
					"path": "/etc/ssh/sshd_config",
					"comment": "#",
					"requires": [
						"Certificate",
						"Key"
					]
				},
				{
					"name": "ca.tpl",
					"type": "snippet",
					"template": "templates/ssh/ca.tpl",
					"path": "/etc/ssh/ca.pub",
					"comment": "#"
				}
			]
		}
	}
}