Add ssh renewer

smallstep · Dec 28, 2020 · bfc7763 · bfc7763
1 parent 9460e58
commit bfc7763
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 0 deletions.
diff --git a/renewer/ssh/Dockerfile b/renewer/ssh/Dockerfile
@@ -0,0 +1,12 @@
+FROM smallstep/step-cli:0.15.3
+
+USER root
+ENV USER_KEY="/var/run/autocert.step.sm/ssh_user_key"
+ENV HOST_KEY="/var/run/autocert.step.sm/ssh_host_key"
+ENV STEP_ROOT="/var/run/autocert.step.sm/root.crt"
+ENV RENEWAL_SEC="21600"
+ENV RENEWAL_JITTER_SEC="600"
+
+COPY renewer/ssh/renewer.sh /home/step/
+RUN chmod +x /home/step/renewer.sh
+CMD ["/home/step/renewer.sh"]
diff --git a/renewer/ssh/renewer.sh b/renewer/ssh/renewer.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+set -e
+
+if [ "$STEP_HOST" == "" ];
+then
+    KEY=$USER_KEY
+else
+    KEY=$HOST_KEY
+fi
+
+while true; do
+  sleep $(expr $RENEWAL_SEC + $RANDOM % $RENEWAL_JITTER_SEC);
+  step ssh renew -f $KEY-cert.pub $KEY;
+done;