-
Hello,

Is there any option to restrict Teleport user access to certain SSH nodes based on the "Host" name rather than using node labels?

The other thing, about security: we often create accounts for our contractors with limited but root access to SSH nodes. Since they have root access to the SSH nodes, they can easily adjust the client config, removing or modifying the hostname, with which they could potentially trick the filtering based on the labels and/or "Host" name, allowing them full access to all SSH nodes in the cluster. Any comment on this? Due to their work, root access on the SSH nodes is mandatory.

Thank you
Replies: 2 comments
-
No, Teleport's RBAC system is based on labels and not other attributes.
Can you elaborate a bit on this? I understand with root access they could change the labels of the node they already have access to, but I don't see how it applies to nodes they don't have access to.
-
All clear, disregard my second question, thank you.