Differences
This shows you the differences between two versions of the page.
advanced:ssh_certificates [2021/07/03 22:12] – [Install the step CLI Utility] add --install dan | advanced:ssh_certificates [2022/06/02 11:31] (current) – [systemd unit] dan | ||
---|---|---|---|
Line 70: | Line 70: | ||
==== systemd unit ==== | ==== systemd unit ==== | ||
- | Left for later use | + | If your system runs systemd, as most modern Linux distributions do, you can instead set up the daily certificate renewal using a systemd timer. |
+ | |||
+ | === Service file === | ||
+ | Create ''/ | ||
+ | < | ||
+ | # Renew SSH host certificate | ||
+ | # | ||
+ | |||
+ | [Unit] | ||
+ | Description=Renew SSH host certificate | ||
+ | Wants=ssh-host-cert.timer | ||
+ | |||
+ | [Service] | ||
+ | Type=oneshot | ||
+ | ExecStart=/ | ||
+ | ExecStart=/ | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
+ | </ | ||
+ | |||
+ | === Timer file === | ||
+ | Create ''/ | ||
+ | < | ||
+ | # Renew SSH host certificate daily | ||
+ | # | ||
+ | |||
+ | [Unit] | ||
+ | Description=Renew SSH host certificate daily | ||
+ | Requires=ssh-host-cert.service | ||
+ | |||
+ | [Timer] | ||
+ | OnCalendar= *-*-* 0:0:0 | ||
+ | AccuracySec=2h | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=timers.target | ||
+ | </ | ||
+ | |||
+ | === Enable the timer === | ||
+ | Run '' | ||
===== Configure sshd to use the cert ===== | ===== Configure sshd to use the cert ===== | ||
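Review bot: The dependency lines in the two new unit files do more than the text describes. Requires=ssh-host-cert.service in the timer's [Unit] section pulls the service in whenever the timer itself is started, so the renewal also runs at every boot, and the service's [Install] section with WantedBy=multi-user.target invites readers to enable the service directly, which has the same effect. A timer already activates the service of the same name by default, so Requires=, Wants=ssh-host-cert.timer and the service's [Install] section can all be dropped. If a catch-up run after downtime is wanted, state it explicitly with Persistent=true in [Timer], so that a host that was powered off at midnight renews its certificate on the next start instead of waiting a further day. OnCalendar= *-*-* 0:0:0 has a stray leading space and can be written as OnCalendar=daily. The section should also say that the earlier renewal mechanism has to be removed when switching to the timer, since the intro presents this as an "instead" option.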
Line 123: | Line 163: | ||
Regenerate the config file, and restart sshd, by running '' | Regenerate the config file, and restart sshd, by running '' | ||
- | In the renewal script above, replace the last line with '' | + | In the renewal script above, replace the last line with '' |
===== Test ===== | ===== Test ===== | ||
Line 160: | Line 200: | ||
Before you ssh to a host that requires (or accepts) a certificate, | Before you ssh to a host that requires (or accepts) a certificate, | ||
- | The " | + | The " |
===== Test ===== | ===== Test ===== |