Document sshd.trusted_cas
johnmaguire committed May 1, 2024
1 parent 303e398 commit 1b2bfd5
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions docs/config/sshd.mdx
Expand Up @@ -22,6 +22,8 @@ sshd:
- user: steeeeve
keys:
- '[ssh public key string]'
trusted_cas:
- '[ssh ca public key string]'
```
See also the [Debugging with Nebula SSH commands](/docs/guides/debug-ssh-commands/) guide.
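Review bot: In the example config, `trusted_cas` comes straight after the `keys:` list of the `steeeeve` entry, so a reader can take it for a per-user field, while the `sshd.trusted_cas` section name says it is a direct child of `sshd` and a sibling of `authorized_users`. A one-line comment above the key stating that it is an alternative or addition to `authorized_users` would remove the ambiguity. The placeholder `[ssh ca public key string]` could also say which key format is expected, since nothing here tells the reader whether it matches the format used for `[ssh public key string]`.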
Expand Down Expand Up @@ -70,3 +72,11 @@ You can generate a host key using the `ssh-keygen` command line utility.
These options are how you create `users` for the debug ssh daemon. Password authentication for the ssh debug console is
NOT supported.
# sshd.trusted_cas
As an alternative to (or in addition to) `authorized_users`, you may define a list of trusted SSH CA public keys. Any
SSH certificate signed by a trusted CA will be granted access to the SSH debug server.
If an SSH certificate contains at least one principal, the connecting username must match a principal in the
certificate. If no principals are specified in the certificate, any username can be used.
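Review bot: The last sentence of the new `sshd.trusted_cas` section ("If no principals are specified in the certificate, any username can be used") describes a certificate that is accepted for every username, yet the section gives no guidance on it. I would add a recommendation to issue certificates with explicit principals and to trust only a CA dedicated to this debug server, given that "Any SSH certificate signed by a trusted CA will be granted access". The section also does not say whether the certificate's validity period is enforced or whether a host certificate signed by the same CA is rejected; a reader deciding whether to enable this option needs both stated.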
