create an aruba public cert from openssh keypair
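#!/bin/sh
#
# Build a self-signed X.509 certificate from an existing OpenSSH keypair
# (KEY and KEY.pub) so that an Aruba controller accepts the matching SSH
# private key for management login.
#
# usage: SCRIPT ssh_priv_key_file login
#
# The private key is only read in place (passed to openssl by path); the
# scratch directory receives the CSR, the CA bookkeeping files and the
# resulting certificate.
#
set -eu

if [ "$#" -ne 2 ] || [ ! -f "$1" ] || [ -z "$2" ]; then
  echo "usage: $0 ssh_priv_key_file login" >&2
  exit 1
fi

MYKEY=$(realpath "$1")
MYLOGIN=$2

# The login is pasted into the certificate subject and into file names, so
# restrict it: a '/' would add extra DN fields or redirect the output path,
# and a leading '-' would be parsed as an option by cp/openssl.
case "$MYLOGIN" in
  -* | *[!A-Za-z0-9._@-]*)
    echo "error: login may only contain letters, digits, '.', '_', '@', '-' and must not start with '-'" >&2
    exit 1
    ;;
esac

if [ ! -f "$MYKEY.pub" ]; then
  echo "error: public key $MYKEY.pub not found" >&2
  exit 1
fi

# mktemp creates an unpredictable directory with mode 0700. The previous
# /tmp/ssh.$$ name was guessable and 'mkdir -p' accepted a directory that
# another local user had created beforehand.
MYDIR=$(mktemp -d "${TMPDIR:-/tmp}/ssh.XXXXXX")
trap 'rm -rf -- "${MYDIR:?}"' EXIT
trap 'exit 1' HUP INT TERM

# Minimal CA layout expected by 'openssl ca' with its default ./demoCA dir.
mkdir "$MYDIR/demoCA"
echo "12" > "$MYDIR/demoCA/serial"
touch "$MYDIR/demoCA/index.txt"

# Run the openssl steps in a subshell so the caller's working directory is
# untouched; 'openssl ca' resolves ./demoCA relative to the current directory.
(
  cd "$MYDIR"
  ssh-keygen -e -m PEM -f "$MYKEY.pub" > mon.pem
  openssl req -new -key "$MYKEY" -out mon.csr -outform PEM \
    -subj "/C=ZT/ST=Some Where/L=MyCity/O=MyBoss/OU=MyMates/CN=$MYLOGIN"
  # NOTE(review): '-md sha1' and the 3650-day validity are kept from the
  # original. SHA-1 is deprecated for certificate signatures; confirm whether
  # the controller firmware accepts '-md sha256' and switch if it does.
  # -batch replaces piping "y" twice into the interactive prompts.
  openssl ca -batch -in mon.csr -out "$MYLOGIN.pem" -md sha1 \
    -keyfile "$MYKEY" -keyform PEM -cert mon.pem -selfsign -days 3650 \
    -outdir ./
)

cp "$MYDIR/$MYLOGIN.pem" "./$MYLOGIN.pem"

printf '%s\n' "1. copier $MYLOGIN.pem dans tftpserver:/tftpboot/aruba"
printf '%s\n' "2. on aruba controller (cli):"
printf '%s\n' " 2.1. copy tftp: IP.TFTP.SRV.XXX /aruba/$MYLOGIN.pem flash: $MYLOGIN.pem"
printf '%s\n' " 2.2. crypto pki-import pem PublicCert $MYLOGIN $MYLOGIN.pem"
printf '%s\n' " 2.3. conf t"
printf '%s\n' " 2.4. mgmt-user ssh-pubkey client-cert $MYLOGIN $MYLOGIN root"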