Rename to sshtokenca

.gitignore

@@ -1,9 +1,2 @@
-# sshagentca gitignore
-.DS_Store
-*.swp
-*.swo
-ex/*
-tags
-main
-sshagentca
-
+# sshtokenca gitignore
+sshtokenca

LICENCE

@@ -19,5 +19,5 @@ CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
 TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
 SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 
-Copyright (c) 2020 Rory Campbell-Lange
+Copyright (c) 2020 Brian Candler
 

README.md

@@ -1,8 +1,8 @@
 **This is a fork of https://github.com/rorycl/sshagentca**
 
-# sshagentca
+# sshtokenca
 
-version 0.0.5-candlerb : 10 May 2020
+version 0.0.5 : 22 May 2020
 
 A proof-of-concept project to add ssh user certificates to forwarded ssh
 agents using go's ssh packages.
@@ -11,8 +11,8 @@ This project is for testing purposes and has not been security audited.
 
 Running the server:
 
-    sshagentca -h
-    sshagentca -t <privatekey> -c <caprivatekey>
+    sshtokenca -h
+    sshtokenca -t <privatekey> -c <caprivatekey>
                [-i <ipaddress>] [-p <port>] settings.yaml
 
 Example client usage:
@@ -24,8 +24,8 @@ Example client usage:
     <enter password>
 
     # assuming the public key or fingerprint to id_test is in the
-    # settings.yaml file on the sshagentca server, along with the
-    # certificate name and principals, and sshagentca is running on
+    # settings.yaml file on the sshtokenca server, along with the
+    # certificate name and principals, and sshtokenca is running on
     # 10.0.1.99: (it is important to forward the agent)
     ssh -p 2222 10.0.1.99 -A
 
@@ -41,10 +41,10 @@ Example client usage:
     # the agent if needed, for example for sudo authentication, if configured
     ssh userthatcansudo@remoteserver -A
 
-The login username that the client provides when connecting to `sshagentca`
+The login username that the client provides when connecting to `sshtokenca`
 is ignored - it does not have to match the `name:` in `settings.yaml`.
 
-Certificates from `sshagentca` can be conveniently used with
+Certificates from `sshtokenca` can be conveniently used with
 [pam-ussh](https://github.com/uber/pam-ussh) to control sudo privileges
 on suitably configured servers.
 
@@ -55,10 +55,10 @@ https://godoc.org/golang.org/x/crypto/ssh.
 ## Building
 
 ```
-go get github.com/candlerb/sshagentca
+go get github.com/candlerb/sshtokenca
 ```
 
-The binary will be installed in `~/go/bin/sshagentca` by default.
+The binary will be installed in `~/go/bin/sshtokenca` by default.
 
 ## Details
 
@@ -88,10 +88,10 @@ The inserted certificate is generated from a freshly-minted ECDSA key pair
 with a P-384 curve for fast key generation.  The CA key you provide to
 sign the certificate may be a different type (e.g. RSA).
 
-Clients can authenticate to sshagentca using any key type supported by go's
+Clients can authenticate to sshtokenca using any key type supported by go's
 `x/crypto/ssh` package.  This includes the ecdsa-sk key used with U2F
 security keys, introduced in OpenSSH 8.2.  Hence you can use a physical U2F
-token with an OpenSSH 8.2 client to authenticate to sshagentca, whilst the
+token with an OpenSSH 8.2 client to authenticate to sshtokenca, whilst the
 certificates it issues will work with older versions of sshd.
 
 ## Certificate Restrictions
@@ -169,5 +169,3 @@ from him and others on the ssh mailing list.
 ## License
 
 This project is licensed under the [MIT Licence](LICENCE).
-
-Rory Campbell-Lange 15 April 2020

agentcert.go

@@ -5,7 +5,7 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"fmt"
-	"github.com/candlerb/sshagentca/util"
+	"github.com/candlerb/sshtokenca/util"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/agent"
 	"log"

go.mod

@@ -1,13 +1,13 @@
-module github.com/candlerb/sshagentca
+module github.com/candlerb/sshtokenca
 
 go 1.14
 
 require (
 	github.com/coreos/go-oidc v2.2.1+incompatible
 	github.com/jessevdk/go-flags v1.4.0
 	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
-	golang.org/x/crypto v0.0.0-20200403201458-baeed622b8d8
+	golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37
 	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
 	gopkg.in/square/go-jose.v2 v2.5.1 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c
+	gopkg.in/yaml.v3 v3.0.0-20200506231410-2ff61e1afc86
 )

go.sum

@@ -7,8 +7,8 @@ github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJS
 github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 h1:J9b7z+QKAmPf4YLrFg6oQUotqHQeUNWwkvo7jZp1GLU=
 github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
-golang.org/x/crypto v0.0.0-20200403201458-baeed622b8d8 h1:fpnn/HnJONpIu6hkXi1u/7rR0NzilgWr4T0JmWkEitk=
-golang.org/x/crypto v0.0.0-20200403201458-baeed622b8d8/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37 h1:cg5LA/zNPRzIXIWSCxQW10Rvpy94aQh3LT/ShoCpkHw=
+golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
@@ -21,9 +21,8 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/square/go-jose.v2 v2.5.1 h1:7odma5RETjNHWJnR32wx8t+Io4djHE1PqxCFx3iiZ2w=
 gopkg.in/square/go-jose.v2 v2.5.1/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.0-20200506231410-2ff61e1afc86 h1:OfFoIUYv/me30yv7XlMy4F9RJw8DEm8WQ6QG1Ph4bH0=
+gopkg.in/yaml.v3 v3.0.0-20200506231410-2ff61e1afc86/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=

main.go

@@ -2,7 +2,7 @@ package main
 
 import (
 	"fmt"
-	"github.com/candlerb/sshagentca/util"
+	"github.com/candlerb/sshtokenca/util"
 	flags "github.com/jessevdk/go-flags"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/terminal"
@@ -17,8 +17,8 @@ SSH Agent CA version %s
 
 A proof-of-concept SSH server forwarded agent certificate authority
 
-    sshagentca -h
-    sshagentca -p <privatekey> -c <caprivatekey>
+    sshtokenca -h
+    sshtokenca -p <privatekey> -c <caprivatekey>
                -i <ipaddress> -p <port> settings.yaml
 
 Application Arguments:

server.go

@@ -3,7 +3,7 @@ package main
 import (
 	"context"
 	"fmt"
-	"github.com/candlerb/sshagentca/util"
+	"github.com/candlerb/sshtokenca/util"
 	"golang.org/x/crypto/ssh"
 	"golang.org/x/crypto/ssh/agent"
 	"golang.org/x/crypto/ssh/terminal"

settings.example.yaml

@@ -1,4 +1,4 @@
-# sshagentca example settings file
+# sshtokenca example settings file
 
 # certificate validity. periods of more than 24 hours are
 # not permitted by this implementation. certificates with the 'forever'