[Solved] Problem for creating Roles for signing client SSH keys via CLI

mrwormo · June 15, 2023, 8:40am

Hello,

I’m pretty new with Hashicorp Vault.

I’m trying to follow this guide to set up SSH access.

I’m stuck when i want to create roles via CLI (copy/paste code from the website) :

$ vault write ssh-client-signer/roles/administrator-role -<<EOH
{
 “allow_user_certificates”: true,
 “allowed_users”: “administrator”,
 “allowed_extensions”: “”,
 “default_extensions”: [
 {
 “permit-pty”: “”
 }
 ],
 “key_type”: “ca”,
 “default_user”: “administrator”,
 “ttl”: “30m0s”
}
EOH

Failed to parse K=V data: invalid key/value pair "-": invalid character 'â' looking for beginning of object key string

I can’t understand the error message, even more the command below from this page is working.

$ vault write ssh-client-signer/roles/my-role -<<"EOH"
{
  "algorithm_signer": "rsa-sha2-256",
  "allow_user_certificates": true,
  "allowed_users": "*",
  "allowed_extensions": "permit-pty,permit-port-forwarding",
  "default_extensions": {
    "permit-pty": ""
  },
  "key_type": "ca",
  "default_user": "ubuntu",
  "ttl": "30m0s"
}
EOH

What you think about this error ?
What’s the right way to do that ?

Thx by advance, any help appreciated.

maxb · June 15, 2023, 9:28am

Whether the EOH on line 1 of these commands is quoted or not, affects how the shell processes the body of the text.

mrwormo · June 15, 2023, 9:40am

Yeah, i found : the quotation marks “” were a problem.

All is working fine with "" quotation marks.

Thx for pointing this out.