-rw-r--r-- docs/critical/template.rst 45
-rw-r--r-- docs/sshkeys.rst 2
-rw-r--r-- docs/systems/arbitration.rst 23
-rw-r--r-- docs/systems/blog.rst 22
-rw-r--r-- docs/systems/board.rst 22
-rw-r--r-- docs/systems/email.rst 22
-rw-r--r-- docs/systems/infra02.rst 26
-rw-r--r-- docs/systems/monitor.rst 23
-rw-r--r-- docs/systems/template.rst 45
-rw-r--r-- docs/systems/webmail.rst 22
10 files changed, 79 insertions, 173 deletions
diff --git a/docs/critical/template.rst b/docs/critical/template.rst
index 006f7ed..6419262 100644
--- a/docs/critical/template.rst
+++ b/docs/critical/template.rst
@@ -228,24 +228,13 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | |
-+-----------+-----------------------------------------------------+
-| DSA | |
-+-----------+-----------------------------------------------------+
-| ECDSA | |
-+-----------+-----------------------------------------------------+
-| ED25519 | |
-+-----------+-----------------------------------------------------+
-
-.. seealso::
+.. add the MD5 fingerprints of the SSH host keys
- See :doc:`../sshkeys`
+.. sshkeys::
+ :RSA:
+ :DSA:
+ :ECDSA:
+ :ED25519:
Dedicated user roles
--------------------
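Review bot: the new comment `.. add the MD5 fingerprints of the SSH host keys` fixes the template on MD5, but OpenSSH has printed SHA256 fingerprints by default since 6.8, so an admin filling this in with a plain `ssh-keygen -l` and a user comparing against a first-connect prompt will both see a different format. Suggest naming the command in the comment (`ssh-keygen -l -E md5 -f <keyfile>`) or letting the directive accept SHA256 values as well.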
@@ -280,15 +269,31 @@ Critical Configuration items
Keys and X.509 certificates
---------------------------
-* :file:`/etc/apache2/ssl/<path to certificate>` server certificate (valid until <datetime>)
-* :file:`/etc/apache2/ssl/<path to server key>` server key
+.. use the sslcert directive to have certificates added to the certificate list
+ automatically
+
+.. sslcert:: template.cacert.org
+ :altnames:
+ :certfile:
+ :keyfile:
+ :serial:
+ :expiration:
+ :sha1fp:
+ :issuer:
+
+.. for certificates that are orginally created on another host use
+
+.. sslcert:: other.cacert.org
+ :certfile:
+ :keyfile:
+ :serial:
+ :secondary:
.. * `/etc/apache2/ssl/cacert-certs.pem` CAcert.org Class 1 and Class 3 CA certificates (allowed CA certificates for client certificates)
* `/etc/apache2/ssl/cacert-chain.pem` CAcert.org Class 1 certificate (certificate chain for server certificate)
.. seealso::
- * :doc:`../certlist`
* :wiki:`SystemAdministration/CertificateList`
<service_x> configuration
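Review bot: the second `sslcert` block (`other.cacert.org`) is introduced only by the comment `.. for certificates that are orginally created on another host use`, which has a typo ("originally") and does not say what `:secondary:` means or why `:expiration:`, `:sha1fp:` and `:issuer:` are left out there. Suggest stating in the comment which options are required for a primary entry and which for a secondary one. The removed bullets carried a `(valid until <datetime>)` hint; a format hint for `:expiration:` would keep that.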
diff --git a/docs/sshkeys.rst b/docs/sshkeys.rst
index b9d8ec0..07efa21 100644
--- a/docs/sshkeys.rst
+++ b/docs/sshkeys.rst
@@ -1,3 +1,5 @@
=============
SSH Host Keys
=============
+
+.. sshkeylist::
diff --git a/docs/systems/arbitration.rst b/docs/systems/arbitration.rst
index 7558690..04aea5c 100644
--- a/docs/systems/arbitration.rst
+++ b/docs/systems/arbitration.rst
@@ -195,27 +195,13 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``a3:6c:f1:f8:8c:81:7c:f7:3b:4e:e4:0e:a3:02:8e:18`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``eb:66:0e:0d:d1:f3:d8:02:3a:ed:71:7a:b2:04:db:75`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | ``54:a3:76:46:66:fc:3f:2d:9b:e4:bd:49:ba:fe:98:09`` |
-+-----------+-----------------------------------------------------+
-| ED25519 | \- |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+ :RSA: a3:6c:f1:f8:8c:81:7c:f7:3b:4e:e4:0e:a3:02:8e:18
+ :DSA: eb:66:0e:0d:d1:f3:d8:02:3a:ed:71:7a:b2:04:db:75
+ :ECDSA: 54:a3:76:46:66:fc:3f:2d:9b:e4:bd:49:ba:fe:98:09
.. todo:: setup ED25519 host key
-.. seealso::
-
- See :doc:`../sshkeys`
-
Dedicated user roles
--------------------
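Review bot: the old table listed ED25519 with an explicit `\-`, while the new `sshkeys` block has no `:ED25519:` option at all, so the absence is now only implied by the `.. todo::` that follows. Suggest confirming that the generated key list shows a missing algorithm explicitly, so a reader can tell "no such key on this host" from "not documented". The same applies to blog.rst and board.rst.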
@@ -256,7 +242,6 @@ Keys and X.509 certificates
.. seealso::
- * :doc:`../certlist`
* :wiki:`SystemAdministration/CertificateList`
Nginx configuration
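Review bot: the `../certlist` reference is dropped from this `seealso`, but neither hunk for this file adds an `sslcert` directive, and docs/certlist.rst is not among the ten changed files. As visible here, the page loses its link to the certificate list without gaining the directive that is meant to feed it. Suggest keeping the link until the certificate entries of this system are converted, or converting them in the same commit. The same applies to email.rst, monitor.rst and webmail.rst.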
diff --git a/docs/systems/blog.rst b/docs/systems/blog.rst
index 46fc16c..3a11d39 100644
--- a/docs/systems/blog.rst
+++ b/docs/systems/blog.rst
@@ -220,27 +220,13 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``ec:cb:b5:13:7c:17:c4:c3:23:3d:ee:01:58:75:b5:8d`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``c6:a7:52:f6:63:ce:73:95:41:35:90:45:9e:e0:06:a5`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | ``00:d7:4b:3c:da:1b:24:76:74:1c:dd:2c:64:50:5f:81`` |
-+-----------+-----------------------------------------------------+
-| ED25519 | \- |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+ :RSA: ec:cb:b5:13:7c:17:c4:c3:23:3d:ee:01:58:75:b5:8d
+ :DSA: c6:a7:52:f6:63:ce:73:95:41:35:90:45:9e:e0:06:a5
+ :ECDSA: 00:d7:4b:3c:da:1b:24:76:74:1c:dd:2c:64:50:5f:81
.. todo:: setup ED25519 host key
-.. seealso::
-
- See :doc:`../sshkeys`
-
Dedicated user roles
--------------------
diff --git a/docs/systems/board.rst b/docs/systems/board.rst
index b454b27..3e97217 100644
--- a/docs/systems/board.rst
+++ b/docs/systems/board.rst
@@ -197,27 +197,13 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``c7:a0:3f:63:a5:cb:9a:8f:1f:eb:55:63:46:c3:8d:f1`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``f6:b7:e5:52:24:27:1e:ea:32:c8:f1:2e:45:f7:24:d3`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | ``0f:fc:76:f8:24:99:95:f7:d2:28:59:6e:f0:1e:39:ac`` |
-+-----------+-----------------------------------------------------+
-| ED25519 | \- |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+ :RSA: c7:a0:3f:63:a5:cb:9a:8f:1f:eb:55:63:46:c3:8d:f1
+ :DSA: f6:b7:e5:52:24:27:1e:ea:32:c8:f1:2e:45:f7:24:d3
+ :ECDSA: 0f:fc:76:f8:24:99:95:f7:d2:28:59:6e:f0:1e:39:ac
.. todo:: setup ED25519 host key
-.. seealso::
-
- See :doc:`../sshkeys`
-
Non-distribution packages and modifications
-------------------------------------------
diff --git a/docs/systems/email.rst b/docs/systems/email.rst
index 1c801aa..d0b5eb1 100644
--- a/docs/systems/email.rst
+++ b/docs/systems/email.rst
@@ -214,29 +214,14 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``a1:d2:17:53:6b:0f:b6:a4:14:13:46:f7:04:ef:4a:23`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``f4:eb:0a:36:40:1c:55:6b:75:a2:26:34:ea:18:7e:91`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | \- |
-+-----------+-----------------------------------------------------+
-| ED25519 | \- |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+ :RSA: a1:d2:17:53:6b:0f:b6:a4:14:13:46:f7:04:ef:4a:23
+ :DSA: f4:eb:0a:36:40:1c:55:6b:75:a2:26:34:ea:18:7e:91
.. warning::
The system is too old to support ECDSA or ED25519 keys.
-.. seealso::
-
- See :doc:`../sshkeys`
-
Non-distribution packages and modifications
-------------------------------------------
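Review bot: with the `\-` rows gone and the warning kept, the documented host keys for this system are RSA and DSA only. OpenSSH 7.0 and later disable `ssh-dss` by default, so current clients will in practice verify the RSA fingerprint; suggest saying so in the `.. warning::` or marking the `:DSA:` entry as legacy. The same applies to webmail.rst.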
@@ -290,7 +275,6 @@ Postfix and IMAP with STARTTLS, IMAPS, POP3 with STARTTLS, POP3S and pysieved)
.. seealso::
- * :doc:`../certlist`
* :wiki:`SystemAdministration/CertificateList`
Apache configuration
diff --git a/docs/systems/infra02.rst b/docs/systems/infra02.rst
index 76cc3b9..6306528 100644
--- a/docs/systems/infra02.rst
+++ b/docs/systems/infra02.rst
@@ -203,27 +203,11 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-.. index::
- single: SSH host keys; Infra02
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``86:d5:f8:71:2e:ab:5e:50:5d:f6:37:6b:16:8f:d1:1c`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``b4:fb:c2:74:33:eb:cc:f0:3e:31:38:c9:a8:df:0a:f5`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | ``79:c4:b8:ff:ef:c9:df:9a:45:07:8d:ab:71:7c:e9:c0`` |
-+-----------+-----------------------------------------------------+
-| ED25519 | ``25:d1:c7:44:1c:38:9e:ad:89:32:c7:9c:43:8e:41:c4`` |
-+-----------+-----------------------------------------------------+
-
-.. seealso::
-
- See :doc:`../sshkeys`
+.. sshkeys::
+ :RSA: 86:d5:f8:71:2e:ab:5e:50:5d:f6:37:6b:16:8f:d1:1c
+ :DSA: b4:fb:c2:74:33:eb:cc:f0:3e:31:38:c9:a8:df:0a:f5
+ :ECDSA: 79:c4:b8:ff:ef:c9:df:9a:45:07:8d:ab:71:7c:e9:c0
+ :ED25519: 25:d1:c7:44:1c:38:9e:ad:89:32:c7:9c:43:8e:41:c4
Dedictated user roles
---------------------
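Review bot: the removed `.. index::` block (`single: SSH host keys; Infra02`) has no replacement in the added lines, and this is the only system file in the patch that carried one. Suggest confirming that the `sshkeys` directive emits an index entry, or keeping the explicit one. The context heading `Dedictated user roles` also has a typo worth fixing while this section is being touched.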
diff --git a/docs/systems/monitor.rst b/docs/systems/monitor.rst
index c206e43..fb5472a 100644
--- a/docs/systems/monitor.rst
+++ b/docs/systems/monitor.rst
@@ -223,24 +223,10 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``df:98:f5:ea:05:c1:47:52:97:58:8f:42:55:d6:d9:b6`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``07:2b:10:b1:6d:79:35:0f:83:aa:fc:ba:d6:2f:51:dc`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | ``48:46:b1:5a:4e:05:64:8a:c3:76:33:77:20:91:14:70`` |
-+-----------+-----------------------------------------------------+
-| ED25519 | \- |
-+-----------+-----------------------------------------------------+
-
-.. seealso::
-
- See :doc:`../sshkeys`
+.. sshkeys::
+ :RSA: df:98:f5:ea:05:c1:47:52:97:58:8f:42:55:d6:d9:b6
+ :DSA: 07:2b:10:b1:6d:79:35:0f:83:aa:fc:ba:d6:2f:51:dc
+ :ECDSA: 48:46:b1:5a:4e:05:64:8a:c3:76:33:77:20:91:14:70
Non-distribution packages and modifications
-------------------------------------------
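Review bot: the ED25519 row with `\-` is removed here and nothing takes its place; arbitration.rst, blog.rst and board.rst keep a `.. todo:: setup ED25519 host key` after the directive, this file does not. Suggest adding the same todo, or a note on why there is none, so the missing key stays tracked.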
@@ -273,7 +259,6 @@ Keys and X.509 certificates
.. seealso::
- * :doc:`../certlist`
* :wiki:`SystemAdministration/CertificateList`
CRL fetch job
diff --git a/docs/systems/template.rst b/docs/systems/template.rst
index 006f7ed..6419262 100644
--- a/docs/systems/template.rst
+++ b/docs/systems/template.rst
@@ -228,24 +228,13 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | |
-+-----------+-----------------------------------------------------+
-| DSA | |
-+-----------+-----------------------------------------------------+
-| ECDSA | |
-+-----------+-----------------------------------------------------+
-| ED25519 | |
-+-----------+-----------------------------------------------------+
-
-.. seealso::
+.. add the MD5 fingerprints of the SSH host keys
- See :doc:`../sshkeys`
+.. sshkeys::
+ :RSA:
+ :DSA:
+ :ECDSA:
+ :ED25519:
Dedicated user roles
--------------------
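Review bot: this file and docs/critical/template.rst show the same blob ids before and after (`index 006f7ed..6419262`), so the two templates are identical and every template change has to be made twice. Suggest keeping one template and referencing it from the other location.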
@@ -280,15 +269,31 @@ Critical Configuration items
Keys and X.509 certificates
---------------------------
-* :file:`/etc/apache2/ssl/<path to certificate>` server certificate (valid until <datetime>)
-* :file:`/etc/apache2/ssl/<path to server key>` server key
+.. use the sslcert directive to have certificates added to the certificate list
+ automatically
+
+.. sslcert:: template.cacert.org
+ :altnames:
+ :certfile:
+ :keyfile:
+ :serial:
+ :expiration:
+ :sha1fp:
+ :issuer:
+
+.. for certificates that are orginally created on another host use
+
+.. sslcert:: other.cacert.org
+ :certfile:
+ :keyfile:
+ :serial:
+ :secondary:
.. * `/etc/apache2/ssl/cacert-certs.pem` CAcert.org Class 1 and Class 3 CA certificates (allowed CA certificates for client certificates)
* `/etc/apache2/ssl/cacert-chain.pem` CAcert.org Class 1 certificate (certificate chain for server certificate)
.. seealso::
- * :doc:`../certlist`
* :wiki:`SystemAdministration/CertificateList`
<service_x> configuration
diff --git a/docs/systems/webmail.rst b/docs/systems/webmail.rst
index 14eded6..5eab801 100644
--- a/docs/systems/webmail.rst
+++ b/docs/systems/webmail.rst
@@ -206,29 +206,14 @@ Outbound network connections
Security
========
-SSH host keys
--------------
-
-+-----------+-----------------------------------------------------+
-| Algorithm | Fingerprint |
-+===========+=====================================================+
-| RSA | ``82:91:22:22:10:75:ab:0e:55:05:9a:f9:98:cb:94:48`` |
-+-----------+-----------------------------------------------------+
-| DSA | ``6b:6e:59:37:41:83:a5:89:2a:18:04:23:51:53:5d:cd`` |
-+-----------+-----------------------------------------------------+
-| ECDSA | \- |
-+-----------+-----------------------------------------------------+
-| ED25519 | \- |
-+-----------+-----------------------------------------------------+
+.. sshkeys::
+ :RSA: 82:91:22:22:10:75:ab:0e:55:05:9a:f9:98:cb:94:48
+ :DSA: 6b:6e:59:37:41:83:a5:89:2a:18:04:23:51:53:5d:cd
.. warning::
The system is too old to support ECDSA or ED25519 keys.
-.. seealso::
-
- See :doc:`../sshkeys`
-
Non-distribution packages and modifications
-------------------------------------------
@@ -279,7 +264,6 @@ Keys and X.509 certificates
.. seealso::
- * :doc:`../certlist`
* :wiki:`SystemAdministration/CertificateList`
Apache configuration