sshd-mf: add RPM for configuring sshd with HC Vault

Signed-off-by: Matej Focko <me@mfocko.xyz>

sshd-mf/90-mf-ca.conf

@@ -0,0 +1 @@
+TrustedUserCAKeys /etc/ssh/sshd_config.d/trusted-user-ca-keys.pem

sshd-mf/sshd-mf.spec

@@ -0,0 +1,37 @@
+Name:           sshd-mf
+Version:        0.1
+Release:        1%{?dist}
+Summary:        SSHD configuration that allows logging in via signed SSH certificates
+License:        MIT
+Source0:        %{name}-%{version}.tar.gz
+
+%description
+Configuration files for ssh server that allow logging in via signed SSH certificates
+provided by mf's HashiCorp Vault instance.
+
+%prep
+%autosetup
+
+%install
+mkdir -p %{buildroot}%{_sysconfdir}/ssh/sshd_config.d
+
+install -m 600 trusted-user-ca-keys.pem %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/
+install -m 600 90-mf-ca.conf %{buildroot}%{_sysconfdir}/ssh/sshd_config.d/
+
+%post
+if [ -d /run/systemd ]; then
+  systemctl restart sshd
+fi
+
+%postun
+if [ -d /run/systemd ]; then
+  systemctl restart sshd
+fi
+
+%files
+%config %{_sysconfdir}/ssh/sshd_config.d/{trusted-user-ca-keys.pem,90-mf-ca.conf}
+
+%changelog
+* Wed Aug 09 2023 Matej Focko <me@mfocko.xyz> - 0.1-1
+- Initial release
+

sshd-mf/trusted-user-ca-keys.pem

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3WLRlb8NkXgJ3FLEK+9C2Sd96V6hJiDsnM8dboxScmlLrU7DsMzaTd+vbRDgFODiZ/e0JMEdbZq6XVfTZY5ZLjXeTJ7xlzx4FQy99g2EMgo+/zdRzisPAKLyAGVm7pcAQgUc/MlH7FVjNyflqDlyLq6ZXmjrP3tWBvm15gom8SlvelRer3uPuEG1I1yet2fS2NNggMS2zKEdJS89wAmYtwQLhbw4c6JMT+8mIHy/OHXurf+l13nGdTi09qbOzf3YykelnuIWDNWYIXnqldrcp58tzu8IUE70VZWxc0hV8t1pfQfN3ehi+K5MpnT9UAwMpRxO8kw+ZlDdy6keVtXiBJPEPAwYEbtDrFXWRbnq4eNndQt2FCXNz4JIPJBMME++0OU0gMQxyrLYsg7a6tkxViyvWaatntdkIFPTxoIjVVJxHHA0V+Pq9+6JpZmvm6NjHvR98Q7IzEqBPqPyguQgMEV0Ef6BR4ZwQ/9D8eYfjVaeviKTbBPDA/gy/eMP80os/4RhpyUpX6bsa0TDzXWlD7bFKyPoTTeV2VetyrNg15w2e0H3bO13jt90K9PUzCn0aYYwAUD5kvwEIX7SUTWYXI2BVfEh2Z9kEOVVpCRxzrMZqfdLJRWY6r0Ggtn8HozBMCSMJc72KKS69hPiXVgFHXiBvX7+anrantDzzPNsGTw==