feat: use SSH host certificates (#3786)

miampf 2025-07-01 12:47:04 +02:00 committed by GitHub
parent 95f17a6d06
commit 7ea5c41f9b
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
34 changed files with 706 additions and 117 deletions


@ -45,7 +45,13 @@ const (
// SSHCAKeySuffix is the suffix used together with the DEKPrefix to derive an SSH CA key for emergency ssh access.
SSHCAKeySuffix = "ca_emergency_ssh"
// SSHCAKeyPath is the path to the emergency SSH CA key on the node.
SSHCAKeyPath = "/run/ssh/ssh_ca.pub"
SSHCAKeyPath = "/var/run/state/ssh/ssh_ca.pub"
// SSHHostKeyPath is the path to the SSH host key of the node.
SSHHostKeyPath = "/var/run/state/ssh/ssh_host_ed25519_key"
// SSHHostCertificatePath is the path to the SSH host certificate.
SSHHostCertificatePath = "/var/run/state/ssh/ssh_host_cert.pub"
// SSHAdditionalPrincipalsPath stores additional principals (like the public IP of the load balancer) that get added to all host certificates.
SSHAdditionalPrincipalsPath = "/var/run/state/ssh/additional_principals.txt"
//
// Ports.