<feed xmlns='http://www.w3.org/2005/Atom'>
<title>vyos-1x.git/data/templates/login/authorized_principals.j2, branch feature/T9082-codeql-cpp</title>
<subtitle>VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git)
</subtitle>
<id>https://git.amelek.net/vyos/vyos-1x.git/atom?h=feature%2FT9082-codeql-cpp</id>
<link rel='self' href='https://git.amelek.net/vyos/vyos-1x.git/atom?h=feature%2FT9082-codeql-cpp'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/'/>
<updated>2025-05-29T11:57:48+00:00</updated>
<entry>
<title>ssh: T6013: move principal name to "system login user &lt;name&gt; authentication"</title>
<updated>2025-05-29T11:57:48+00:00</updated>
<author>
<name>Christian Breunig</name>
<email>christian@breunig.cc</email>
</author>
<published>2025-05-20T17:49:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/vyos/vyos-1x.git/commit/?id=81dfb64ebb3ea3c58c92e8f26e8610a46e4c50d2'/>
<id>urn:sha1:81dfb64ebb3ea3c58c92e8f26e8610a46e4c50d2</id>
<content type='text'>
We already support using per-user SSH public keys for system authentication.
Instead of introducing a new CLI path to configure per-user principal names,
we should continue using the existing CLI location and store the principal
names alongside the corresponding SSH public keys.

set system login user &lt;name&gt; principal &lt;principal&gt;

The certificate used for SSH authentication contains an embedded principal
name, which is defined under this CLI node. Only users with matching principal
names are permitted to log in.
</content>
</entry>
</feed>
