Abstract
To enable certificate-based login on a host, the public RSA key ssh_host_rsa_key.pub needs to be signed. The resulting certificate is called ssh_host_rsa_key-cert.pub. To enable SSH-based login, two things are required on the host:
...
Then we need to populate the principals file:
```bash
mkdir /etc/ssh/auth_principals
echo -e 'host.netdef.org\nroot-everywhere' > /etc/ssh/auth_principals/root
```
This allows any user to log in as root whose certificate has either host.netdef.org or root-everywhere specified in its list of principals.
You can control access to any other local user by creating the corresponding files under /etc/ssh/auth_principals.
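The following added example (not part of the original page) models the per-user principals check described above and lists which local accounts a given principal unlocks, which is useful when reviewing how far a principal such as root-everywhere reaches. It assumes sshd reads one file per local user from the principals directory and that each line holds one bare principal name with no options prefix; the function names and the "deploy" account are hypothetical.

```shell
#!/bin/sh
# Added example: simplified model of the per-user principals files.
# Assumption: one bare principal per line; blank lines and '#' comments ignored.

# list_principals FILE: print the principals in FILE, trimmed of whitespace.
list_principals() {
    sed -e 's/[[:space:]]*$//' -e 's/^[[:space:]]*//' "$1" | grep -v -e '^$' -e '^#'
}

# cert_allowed DIR USER PRINCIPAL...: succeed if at least one certificate
# principal appears as a whole line in DIR/USER. A missing file means no match.
cert_allowed() {
    dir=$1 user=$2; shift 2
    [ -f "$dir/$user" ] || return 1
    for p in "$@"; do
        list_principals "$dir/$user" | grep -qxF -- "$p" && return 0
    done
    return 1
}

# users_for_principal DIR PRINCIPAL: print every local account that a
# certificate carrying PRINCIPAL could log in to.
users_for_principal() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        list_principals "$f" | grep -qxF -- "$2" && basename "$f"
    done
    return 0
}

# make_sample: constructed test data. The root file matches the page; the
# "deploy" file is a hypothetical second account with a comment and padding.
make_sample() {
    d=$(mktemp -d)
    printf 'host.netdef.org\nroot-everywhere\n' > "$d/root"
    printf '# deploy account\n\ndeploy-team\nroot-everywhere  \n' > "$d/deploy"
    echo "$d"
}
```

Run `users_for_principal /etc/ssh/auth_principals root-everywhere` on a host to see every account that principal grants before issuing certificates that carry it.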
Step 4 - Restart SSH
Restart SSH to apply all the changes!