Project

General

Profile

Actions

Feature #67

open

Feature #46: add ssh-token support for authentication with OTPme daemons

Implement deployment of SSH public keys

Added by The 2nd about 8 years ago. Updated almost 8 years ago.

Status:
In Bearbeitung
Priority:
Normal
Assignee:
Target version:
Start date:
18 December 2015
Due date:
% Done:

80%

Estimated time:

Description

  • OTPme hostd/noded should deploy SSH public keys of tokens assigend to their host
  • We may use openssh's AuthorizedKeysCommand for this
Actions #1

Updated by The 2nd almost 8 years ago

  • Status changed from Neu to In Bearbeitung
  • % Done changed from 0 to 80
Actions #2

Updated by The 2nd almost 8 years ago

This feature is implemented now as follows:
  • SSH tokens can be assigned to roles, accessgroups, nodes, hosts and groups
  • Key options (e.g. command) can be configured when assigning a token
  • Each node/host requests the list with assigned SSH keys in an configurable interval from the master node
  • OTPme can be configured to require a valid signature (e.g. from an admin) for each SSH key
  • Policies like "autodisable" and "logintimes" are honored on client side to make them work without connection to the master node
Actions

Also available in: Atom PDF