smallstep pre-load SSH configuration on laptops so that step ssh config --team name is not required. :

pre-load SSH configuration on laptops so that step ssh config --team name is not required. Print

Created by: Linda Brown

Modified on: Sun, 1 May, 2022 at 10:44 AM

You can template the ~/.step/config/defaults.json file with Ansible with the different redirect URL:

[jdoss@sw-0608 config]$ ll ~/.step/config/defaults.json
-rw-r--r--. 1 jdoss jdoss 253 Feb  9 19:50 /home/jdoss/.step/config/defaults.json
[jdoss@sw-0608 config]$ cat ~/.step/config/defaults.json
{
  "ca-url": "<https://ssh.joetest.ca.smallstep.com>",
  "fingerprint": "snip",
  "root": "/home/jdoss/.step/certs/root_ca.crt",
  "redirect-url": "<https://smallstep.com/app/teams/sso/success>"
}

You can create a fresh client and step ssh config --team name and then see the files it puts down initially

[jdoss@sw-0608 ~]$ tree .step/
.step/
├── certs
│   └── root_ca.crt
├── config
│   ├── defaults.json
│   └── identity.json
├── identity
│   ├── identity.crt
│   └── identity_key
└── ssh
    ├── config
    ├── includes
    └── known_hosts

We have had another customer that wants to template these per user on workstation provision which is fine but the .crt and key files are pulled down by the step ssh login. You should be fine to template at least defaults.json

Linda is the author of this solution article.

Did you find it helpful? Yes No

pre-load SSH configuration on laptops so that step ssh config --team name is not required. Print

Related Articles