https://github.com/signmykeyio/signmykey
An automated SSH Certificate Authority
- Host: GitHub
- URL: https://github.com/signmykeyio/signmykey
- Owner: signmykeyio
- License: mit
- Created: 2018-08-03T09:04:42.000Z (almost 8 years ago)
- Default Branch: master
- Last Pushed: 2026-01-12T13:01:58.000Z (5 months ago)
- Last Synced: 2026-01-12T19:55:25.167Z (5 months ago)
- Topics: go, golang, security, signmykey, ssh
- Language: Go
- Homepage: https://signmykey.io/
- Size: 9.56 MB
- Stars: 71
- Watchers: 3
- Forks: 7
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
Signmykey is an automated SSH Certificate Authority. It allows you to securely and centrally manage SSH access to your infrastructure.
Three types of backends are supported by Signmykey:
* **Authenticator**: users can be authenticated through different systems, such as LDAP or a local map.
* **Principals**: the list of principals applied to SSH certificates can be created dynamically from LDAP groups or set statically in the local config.
* **Signer**: cryptographic signing operations on SSH certificates can be done directly by Signmykey or via HashiCorp Vault.
## Install
### Manual
* Download the **signmykey** binary (e.g. for 64-bit Linux):
```
curl -Lo signmykey https://github.com/signmykeyio/signmykey/releases/download/v0.5.1/signmykey_linux_amd64
```
* Install it in your PATH:
```
chmod +x signmykey && sudo mv signmykey /usr/bin/
```
### APT
* Ensure you have curl and gpg:
```
sudo apt update && sudo apt install ca-certificates curl gnupg
```
* Add the Signmykey GPG key to your APT trust store:
```
curl https://gpg.signmykey.io/signmykey.pub | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/signmykey.gpg
```
* Add Signmykey repository
```
echo 'deb [signed-by=/etc/apt/trusted.gpg.d/signmykey.gpg] https://apt.signmykey.io stable main' | sudo tee /etc/apt/sources.list.d/signmykey.list
```
* Install Signmykey package
```
sudo apt update && sudo apt install signmykey
```
### YUM
* Add Signmykey repository
```
echo "[signmykey]
name=Signmykey repo
baseurl=https://rpm.signmykey.io/
enabled=1
gpgcheck=0
repo_gpgcheck=1
gpgkey=https://gpg.signmykey.io/signmykey.pub" | sudo tee /etc/yum.repos.d/signmykey.repo
```
* Install Signmykey package
```
sudo yum install signmykey
```
## Quickstart
* Start the server in dev mode (replace *myremoteuser* with the name of the user you want to connect as on the remote server):
```
signmykey server dev -u myremoteuser
```
* Follow the "Server side" instructions displayed by the previous command, e.g.:
```
### Server side
An ephemeral certificate authority is created for this instance and will die with it.
To deploy this CA on destination servers, you can launch this command:
$ echo "ssh-rsa fakeCApubKey" > /etc/ssh/ca.pub
You then have to add this line to "/etc/ssh/sshd_config" and restart OpenSSH server:
TrustedUserCAKeys /etc/ssh/ca.pub
```
* Follow the "Client side" instructions, e.g.:
```
### Client side
A temporary user is created with this parameters:
user: myremoteuser
password: fakepassword
principals: myremoteuser
You can sign your key with this command:
$ signmykey -a http://127.0.0.1:9600/ -u myremoteuser
```
* Congrats \o/
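
What a CA signing step like the one in this quickstart produces can be reproduced with plain `ssh-keygen`. This is an added example, not code from Signmykey or its documentation: it assumes OpenSSH's `ssh-keygen` is installed, and the ed25519 key type, file names, key ID and five-minute lifetime are choices made for the demo.

```sh
#!/bin/sh
# Added illustration: plain OpenSSH tooling, not Signmykey code.
# File names, key ID and the 5-minute lifetime are assumptions for the demo.

# Create an ephemeral CA and a user key pair in $1, then sign the user key
# for principal $2, valid for five minutes. Prints the certificate path.
make_demo_cert() {
    dir=$1; principal=$2
    ssh-keygen -q -t ed25519 -N '' -C demo-ca   -f "$dir/ca"   || return 1
    ssh-keygen -q -t ed25519 -N '' -C demo-user -f "$dir/user" || return 1
    # -s: CA private key, -I: key ID logged by sshd, -n: principals, -V: validity
    ssh-keygen -q -s "$dir/ca" -I "demo-$principal" -n "$principal" \
        -V +5m "$dir/user.pub" || return 1
    echo "$dir/user-cert.pub"
}

# List the principals embedded in certificate $1, one per line.
cert_principals() {
    ssh-keygen -L -f "$1" | awk '
        /^[ \t]*Principals:/       { in_list = 1; next }
        /^[ \t]*Critical Options:/ { in_list = 0 }
        in_list { gsub(/^[ \t]+|[ \t]+$/, ""); if ($0 != "") print }'
}

# Succeed only if certificate $1 was signed by the CA public key in file $2,
# i.e. the key a server would list under TrustedUserCAKeys.
cert_signed_by() {
    ca_fp=$(ssh-keygen -l -f "$2" | awk '{ print $2 }')
    ssh-keygen -L -f "$1" | grep 'Signing CA:' | grep -qF "$ca_fp"
}

demo() {
    tmp=$(mktemp -d) || return 1
    cert=$(make_demo_cert "$tmp" myremoteuser) || return 1
    ssh-keygen -L -f "$cert"            # full certificate contents
    cert_principals "$cert"
    cert_signed_by "$cert" "$tmp/ca.pub" && echo "signed by demo CA"
    rm -rf "$tmp"
}
demo
```

The `Valid:` and `Principals:` fields in the `ssh-keygen -L` output are the ones to check when reviewing an issued certificate, since they bound how long and as which remote user it can be used.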
## Documentation
Documentation is available at https://signmykey.io/