roa

SSH CA use-case with Vault

In this scenario we are going to set up Vault to sign SSH keys using an internal CA. We will configure the SSH secrets engine and create a CA within Vault. We will then configure an SSH server to trust the CA key we just created. Finally we will attempt to SSH using a private key, and a public key signed by Vault SSH CA.

Prerequisites

• This guide assumes you have already provisioned a Vault server, SSH host using OpenSSH server, and a SSH client machine.
• The client system must be able to reach the Vault server and the OpenSSH server.
• We will refer to these systems respectively as:
• VAULT_SERVER

roa

XVFB=/usr/bin/Xvfb
XVFBARGS=":100 -screen 0 1600x1200x24 -auth /etc/conf.d/Xvfb.cfg -nolisten tcp"
PIDFILE=/var/run/Xvfb.pid 

roa

use POSIX ":sys_wait_h";
use Rex -feature => ['exit_status'];


group "servers", "localhost", "127.0.1.2";


task test => group => servers => sub {
   my $output = run "hostname";
   say $output;

roa

#######################
# Rexfile
#######################

task "test", sub {

   my @arr = ("one", "two", "three");

   my %hash = (
      name => "foo",

roa

You might want to read this to get an introduction to armel vs armhf.

If the below is too much, you can try Ubuntu-ARMv7-Qemu but note it contains non-free blobs.

Running ARM programs under linux (without starting QEMU VM!)

First, cross-compile user programs with GCC-ARM toolchain. Then install qemu-arm-static so that you can run ARM executables directly on linux