Project

General

Profile

Feature #67

Feature #46: add ssh-token support for authentication with OTPme daemons

Implement deployment of SSH public keys

Added by The 2nd over 4 years ago. Updated about 4 years ago.

Status:
In Bearbeitung
Priority:
Normal
Assignee:
Target version:
Start date:
18 December 2015
Due date:
% Done:

80%


Description

  • OTPme hostd/noded should deploy SSH public keys of tokens assigend to their host
  • We may use openssh's AuthorizedKeysCommand for this

History

#1 Updated by The 2nd over 4 years ago

  • Status changed from Neu to In Bearbeitung
  • % Done changed from 0 to 80

#2 Updated by The 2nd about 4 years ago

This feature is implemented now as follows:
  • SSH tokens can be assigned to roles, accessgroups, nodes, hosts and groups
  • Key options (e.g. command) can be configured when assigning a token
  • Each node/host requests the list with assigned SSH keys in an configurable interval from the master node
  • OTPme can be configured to require a valid signature (e.g. from an admin) for each SSH key
  • Policies like "autodisable" and "logintimes" are honored on client side to make them work without connection to the master node

Also available in: Atom PDF