author | Paul Lettington <paul@plett.co.uk> | 2021-09-05 21:30:26 +0100 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2021-09-07 09:37:35 +0200 |
commit | a0ddc0459ed7427359365b579b017a74b3342897 (patch) | |
tree | 26c6d0b78fa7fd99898f13791927abdd9cff70aa | |
parent | 7479329761a80e41b86c8959ebed8c451a4da980 (diff) | |
download | vyos-documentation-a0ddc0459ed7427359365b579b017a74b3342897.tar.gz vyos-documentation-a0ddc0459ed7427359365b579b017a74b3342897.zip |
T971 Document the use of ssh key options
While adding " support in T971, I noticed that `options` weren't
documented at all. This commit adds documentation for ssh options,
including the use of "
(cherry picked from commit 1b93c11014125863c1f5baa2e929893c9195a7a5)
-rw-r--r-- | docs/configuration/system/login.rst | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/docs/configuration/system/login.rst b/docs/configuration/system/login.rst index 0492f4d1..bf26904e 100644 --- a/docs/configuration/system/login.rst +++ b/docs/configuration/system/login.rst @@ -74,6 +74,14 @@ The third part is simply an identifier, and is for your own reference. .. note:: You can assign multiple keys to the same user by using a unique identifier per SSH key. +.. cfgcmd:: set system login user <username> authentication public-keys + <identifier> options <options> + + Set the options for this public key. See the ssh ``authorized_keys`` man page + for details of what you can specify here. To place a ``"`` character in the + options field, use ``"``, for example ``from="10.0.0.0/24"`` + to restrict where the user may connect from when using this key. + .. cfgcmd:: loadkey <username> <location> SSH keys can not only be specified on the command-line but also loaded for @@ -92,12 +100,14 @@ Example ------- In the following example, both `User1` and `User2` will be able to SSH into -VyOS as user ``vyos`` using their very own keys. +VyOS as user ``vyos`` using their very own keys. `User1` is restricted to only +be able to connect from a single IP address. .. code-block:: none set system login user vyos authentication public-keys 'User1' key "AAAAB3Nz...KwEW" set system login user vyos authentication public-keys 'User1' type ssh-rsa + set system login user vyos authentication public-keys 'User1' options "from="192.168.0.100"" set system login user vyos authentication public-keys 'User2' key "AAAAQ39x...fbV3" set system login user vyos authentication public-keys 'User2' type ssh-rsa |
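Review bot: In the first hunk (@@ -74,6 +74,14 @@), the sentence "To place a ``"`` character in the options field, use ``"``" shows the same literal for the character and for its replacement, so as displayed here a reader cannot tell what to type. Write the escape sequence in a form that survives rendering, and make the ``from="10.0.0.0/24"`` example use that same form. Because `from=` is an access restriction, it would also help to say what a reader should expect if the options string is entered with bare quotes.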
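Review bot: In the second hunk (@@ -92,12 +100,14 @@), the added example line `options "from="192.168.0.100""` nests unescaped double quotes inside a double-quoted value, which does not follow the escaping rule the first hunk introduces. Show the value in the escaped form documented there so the example can be pasted as is. The prose promises that `User1` can only connect from a single IP address, so a short line telling the reader how to confirm the restriction took effect would fit here.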