# Tuning for certificate issuance. This section and all of its options are optional.
[Bless Options]
# Validity window, in seconds, on each side of the issue time.
# The certificate's total lifetime is the sum of the two values, so raising
# either one lengthens the period in which a leaked certificate stays usable.
certificate_validity_after_seconds = 120
# NOTE(review): the "before" window presumably absorbs clock skew between the issuer and SSH hosts - confirm
certificate_validity_before_seconds = 120
# Minimum number of bits in the system entropy pool before an additional seeding step is required
entropy_minimum_bits = 2048
# Number of random bytes to fetch from KMS to seed /dev/urandom
random_seed_bytes = 256
# Logging level.
# NOTE(review): confirm what a more verbose level writes to the logs before enabling it in production
logging_level = INFO
# Comma-separated list of the SSH certificate extensions to include.
# Leaving this unset uses the ssh-keygen defaults shown below, which include
# X11, agent and port forwarding. Set it explicitly to only the extensions
# users need, so that an issued certificate grants no more than intended.
# certificate_extensions = permit-X11-forwarding,permit-agent-forwarding,permit-port-forwarding,permit-pty,permit-user-rc
# Username validation options are described in bless_request.py:USERNAME_VALIDATION_OPTIONS
# Configure how bastion_user names are validated.
# username_validation = useradd
# Configure how remote_usernames are validated.
# remote_usernames_validation = principal
# Regex of blacklisted remote_usernames, rejected for any value of remote_usernames_validation.
# A blacklist is only a backstop for the validation mode chosen above.
# NOTE(review): confirm in the validator whether the pattern must match the
# whole name or only its start, and anchor it to get the intended result.
# remote_usernames_blacklist = root|admin.*
# SSH CA signing key. These values must all be changed for deployment.
[Bless CA]
# File name of your SSH CA's private key, in PEM format.
# Whoever can read this key can sign SSH certificates as the CA: keep the file
# passphrase-encrypted, readable only by the signing service, and out of
# version control.
# NOTE(review): the path below starts with "~" and sits under a user's home
# directory; confirm the consumer expands "~" and that this location is
# intended for deployment rather than a local test setup.
ca_private_key_file = ~/src/certauth/ca_intermediate/private/ca_intermediate.key.pem
# Or specify the private key directly as a base64-encoded string.
# Base64 is an encoding, not protection: as the placeholder indicates, the PEM
# content is expected to be encrypted before it is encoded and placed here.
# NOTE(review): presumably only one of ca_private_key_file / ca_private_key should be set - confirm
# ca_private_key = <INSERT_YOUR_ENCRYPTED_PEM_FILE_CONTENT>