Pierre-Yves Chibon 8db145eba7 Document how to generate 2FA keys/certs

Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr>

2020-08-04 17:21:23 +02:00

How to generate 2 Factor Authentication key and certificate

Doing this requires membership in sysadmin-main FAS group.

All the following commands should be ran on one of batcave hosts.

Clone ansible-private repo:

git clone /srv/git/ansible-private

Change into files/vpn subdirectory in cloned repo:

cd ansible-private/files/2fa-certs

The process is described in the README but is basically:

. ./vars; ./build-and-sign-key <hostname>

Add generated files to git index, commit, push:

git status
git add .
git commit -a -m "Add 2 FA key/cert for <hostname>"
git show
git push