Displaying 2 results from an estimated 2 matches for "www_authorizedprincip".
2020 Jan 30
3
SSH certificates - restricting to host groups
...hz information needs to change
on a quicker cadence than your config pushes) on the machines.
you'd have something like
$ cat /etc/ssh/sshd_config
<snip>
TrustedUserCAKeys /etc/ssh/TrustedUserCAKeys
Match User www
AuthorizedKeysFile /etc/ssh/empty
AuthorizedPrincipalsFile /etc/ssh/www_authorizedPrincipals
<snip>
$ cat /etc/ssh/www_authorized_principals
alice
bob
and alice and bob just have regular user certificates with 'alice' or
'bob' in the princpals
2020 Jan 30
5
SSH certificates - restricting to host groups
Hello,
I am trying to work out the best way to issue SSH certificates in such
way that they only allow access to specific usernames *and* only to
specific groups of host.
As a concrete example: I want Alice to be able to login as "alice" and
"www" to machines in group "webserver" (only). Also, I want Bob to be
able to login as "bob" and