| author | Takeru Hayasaka <hayatake396@gmail.com> | 2024-12-28 19:58:02 +0000 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2025-05-29 13:57:48 +0200 |
| commit | 6c3b1ef2fede1e3c2b6e89060d3d645c2ba744cd (patch) | |
| tree | 6c3c060d70a3d48f5b10709f9be067f6a9d49f33 /data | |
| parent | e604e68a5a77718a25b60737dcb9699b84c8e34b (diff) | |
| download | vyos-1x-6c3b1ef2fede1e3c2b6e89060d3d645c2ba744cd.tar.gz vyos-1x-6c3b1ef2fede1e3c2b6e89060d3d645c2ba744cd.zip | |
ssh: T6013: support SSH AuthorizedPrincipalsFile in use with trusted-user-ca-key
This complements commit e7cab89f9f81 ("T6013: Add support for configuring
TrustedUserCAKeys in SSH service with local and remote CA keys"). It introduces
a new CLI node per user to support defining the authorized principals used by
any given PKI certificate. It is now possible to associate SSH login users with
their respective principals.
Authored-by: Takeru Hayasaka <hayatake396@gmail.com>
Diffstat (limited to 'data')
| -rw-r--r-- | data/templates/ssh/sshd_config.j2 | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/data/templates/ssh/sshd_config.j2 b/data/templates/ssh/sshd_config.j2 index 7e44efae8..d6e31b0f4 100644 --- a/data/templates/ssh/sshd_config.j2 +++ b/data/templates/ssh/sshd_config.j2 @@ -114,3 +114,9 @@ RekeyLimit {{ rekey.data }}M {{ rekey.time + 'M' if rekey.time is vyos_defined } {% if trusted_user_ca_key is vyos_defined %} TrustedUserCAKeys /etc/ssh/trusted_user_ca_key {% endif %} + +{% if trusted_user_ca_key is vyos_defined and trusted_user_ca_key.bind_user is vyos_defined %} +AuthorizedPrincipalsFile /etc/ssh/authorized_principals/%u +{% elif trusted_user_ca_key is vyos_defined %} +AuthorizedPrincipalsFile none +{% endif %} |
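Review bot: The `bind_user` branch sets `AuthorizedPrincipalsFile /etc/ssh/authorized_principals/%u` globally, so once it is enabled sshd stops using its default rule (username must appear in the certificate's principals) for every account, and any login user without a file under that directory can no longer authenticate with a CA-signed certificate. This hunk only covers the template, so please confirm that the code writing these files handles users with no principals configured, and that the files are root-owned and not writable by the login user; a short template comment stating this behaviour would help. Also, `AuthorizedPrincipalsFile none` in the `elif` branch is sshd's default, so a comment saying it is set explicitly on purpose would avoid it being removed later. Style: both new conditions repeat `trusted_user_ca_key is vyos_defined`; nesting the new lines inside the existing `{% if trusted_user_ca_key is vyos_defined %}` block just above, with an inner `{% if trusted_user_ca_key.bind_user is vyos_defined %}` / `{% else %}`, would remove the duplication.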
