Vault SSH PAM configuration for CoreOS.
PAM configuration for allowing Vault OTP SSH access to CoreOS instances. Rather than override the default sshd on CoreOS, use rkt or docker to run install.sh to sync the contents to the root file system. Includes a minimal PAM modification, vault-ssh-helper PAM file, and vault-ssh-helper binary.
The config file /etc/vault/ssh.hcl is up to you to provide.
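
A minimal /etc/vault/ssh.hcl for vault-ssh-helper, added here as an example and not part of this project. The Vault address, CA path, mount point, role name and CIDR block are constructed placeholders.

```hcl
# /etc/vault/ssh.hcl -- read by vault-ssh-helper when PAM hands it the OTP.
# All values below are constructed placeholders; substitute your own.

# Address of the Vault server that issued the OTP. Use https so the OTP
# is not sent in clear text when the helper verifies it.
vault_addr = "https://vault.example.internal:8200"

# Mount path of the SSH secrets engine in Vault (assumed here to be "ssh").
ssh_mount_point = "ssh"

# CA certificate used to verify the Vault server's TLS certificate.
ca_cert = "/etc/vault/ca.pem"

# Keep TLS verification on. With true, the helper would trust any server
# answering at vault_addr, and that server decides whether an OTP is valid.
tls_skip_verify = false

# Only accept OTPs issued under these roles. "*" accepts any role;
# naming roles explicitly limits which Vault roles can grant login here.
allowed_roles = "otp_key_role"

# If the IP that Vault returns for the OTP is not on one of this host's
# interfaces (for example behind NAT), accept it only when it falls
# inside one of these CIDR blocks.
allowed_cidr_list = "10.0.0.0/24"
```

Running vault-ssh-helper with -verify-only and -config=/etc/vault/ssh.hcl checks the file and the connection to Vault before any login depends on it.
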
Check out the Vagrant config used for testing.
[Service]
Type=oneshot
ExecStartPre=/usr/bin/rkt fetch --trust-keys-from-https quay.io/roboll/vault-ssh-coreos:v0.2.0
ExecStart=/usr/bin/rkt run --volume {} --mount {} quay.io/roboll/vault-ssh-coreos:v0.2.0