summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Lettington <paul@plett.co.uk>2021-09-05 21:30:26 +0100
committerChristian Poessinger <christian@poessinger.com>2021-09-07 09:37:35 +0200
commita0ddc0459ed7427359365b579b017a74b3342897 (patch)
tree26c6d0b78fa7fd99898f13791927abdd9cff70aa
parent7479329761a80e41b86c8959ebed8c451a4da980 (diff)
downloadvyos-documentation-a0ddc0459ed7427359365b579b017a74b3342897.tar.gz
vyos-documentation-a0ddc0459ed7427359365b579b017a74b3342897.zip
T971 Document the use of ssh key options
While adding &quot; support in T971, I noticed that `options` weren't documented at all. This commit adds documentation for ssh options, including the use of &quot; (cherry picked from commit 1b93c11014125863c1f5baa2e929893c9195a7a5)
-rw-r--r--docs/configuration/system/login.rst12
1 files changed, 11 insertions, 1 deletions
diff --git a/docs/configuration/system/login.rst b/docs/configuration/system/login.rst
index 0492f4d1..bf26904e 100644
--- a/docs/configuration/system/login.rst
+++ b/docs/configuration/system/login.rst
@@ -74,6 +74,14 @@ The third part is simply an identifier, and is for your own reference.
.. note:: You can assign multiple keys to the same user by using a unique
identifier per SSH key.
+.. cfgcmd:: set system login user <username> authentication public-keys
+ <identifier> options <options>
+
+ Set the options for this public key. See the ssh ``authorized_keys`` man page
+ for details of what you can specify here. To place a ``"`` character in the
+ options field, use ``&quot;``, for example ``from=&quot;10.0.0.0/24&quot;``
+ to restrict where the user may connect from when using this key.
+
.. cfgcmd:: loadkey <username> <location>
SSH keys can not only be specified on the command-line but also loaded for
@@ -92,12 +100,14 @@ Example
-------
In the following example, both `User1` and `User2` will be able to SSH into
-VyOS as user ``vyos`` using their very own keys.
+VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only
+be able to connect from a single IP address.
.. code-block:: none
set system login user vyos authentication public-keys 'User1' key "AAAAB3Nz...KwEW"
set system login user vyos authentication public-keys 'User1' type ssh-rsa
+ set system login user vyos authentication public-keys 'User1' options "from=&quot;192.168.0.100&quot;"
set system login user vyos authentication public-keys 'User2' key "AAAAQ39x...fbV3"
set system login user vyos authentication public-keys 'User2' type ssh-rsa