How to Configuring Vault's SSH-CA?

hafizzainansari777 · February 24, 2021, 7:00pm

signer-clientrole.json file:

{
  "allow_user_certificates": true,
  "allowed_users": "*",
  "default_extensions": [
    {
      "permit-pty": ""
    }
  ],
  "key_type": "ca",
  "default_user": "ubuntu",
  "ttl": "30m0s"
}

user-policy.hcl file:

path "sys/mounts" {
  capabilities = ["list", "read"]
}

path "ssh-client-signer/sign/clientrole" {
  capabilities = ["create", "update"]
}

path "ssh-client-signer/config/ca" {
  capabilities = ["read"]
}

path "ssh-host-signer/config/ca" {
  capabilities = ["read"]
}

Topic		Replies	Views
Using Vault as an SSH certificate authority asks for password Vault	9	789	June 6, 2023
Vault ssh ca permission denied Vault vault	2	204	June 20, 2024
SSH OTP does not work Vault vault	11	1126	February 3, 2024
Connect to server linux using Hashicorp Vault SSH client signed from windows client Vault	8	1223	April 28, 2022
Vault Signed SSH certificates integrate with PKI(certificates) Terraform vault	1	102	March 22, 2025

How to Configuring Vault's SSH-CA?

Related topics