Hello all,

Absent the authorized key file, I would have to get a bearer token from a website and use this, if I understand correctly. This would mean additional steps for every host I visit and is quite a hassle with 20 or more ssh connections. Or can I use the same token for any host which trusts the same identity provider? If yes, can I keep the token in memory or do I have to copy/paste it again and again? How would that work in practice, with which ssh client under Windows?

I would like to get security and some luxury ;-)

Thanks for listening,
Norbert
We can create ssh certificates you can use to authenticate to multiple servers. By default, these certificates are valid for 16h, and they generally live in the

Then those certificates need to be trusted by the servers. There are a couple of ways to do it, generally modifying the /etc/sshd_config, but there are other ways; for more details see this discussion #443.

So there are no additional steps on the client side for every host you visit, but you need to configure each host once to trust (user) certificates.
It was a "joke" about the 16h duration.
An ssh-agent is not required, though it makes things easier; SSH certificate support is, and I think that's what rules out PuTTY (last time I checked).
There's nothing specific for Windows, and open source docs for SSH are still in progress; this blog post might be helpful:
Once you have step-ca running, initialized with
And then configure the ssh client:
That configuration is supported by OpenSSH (also on Windows). To install it you need Windows 10:
No, at the moment only the SaaS requires the identity file.
You need to have ssh-agent running and configured in your terminal/PowerShell. These I think are Windows instructions:
For Linux, macOS, and others (not for Windows unless you use WSL) you will need the appropriate
Other than that,
So if you have the files
OpenSSH will try to use up to 5 keys in the agent; I believe that's the default. If you have more and the one you need is not attempted in the first 5, then you may have problems. But other than that OpenSSH will use the agent by default. But you can also specify it using
Not 100% there, but we're already working on on-prem solutions. I hope this answers all your questions. And we need to work on better docs on open-source SSH; the initial focus has been X.509 certificates.
https://smallstep.com/blog/diy-single-sign-on-for-ssh/
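
The flow the replies describe (a user certificate valid for 16h, and each host configured once to trust the issuing CA), as an added example that is not part of the original thread and not Smallstep's code. It uses plain OpenSSH `ssh-keygen` as a stand-in CA rather than step-ca; the user name, key file names and the `/etc/ssh/user_ca.pub` path are assumptions.

```shell
#!/bin/sh
# Added example. Keys are constructed in a temp dir; ssh-keygen stands in for the CA.
set -eu

# make_demo DIR: create a user CA, a user key pair, and a 16h user certificate.
make_demo() {
    dir=$1
    # CA key pair: the private half never leaves the CA; hosts only get user_ca.pub.
    ssh-keygen -q -t ed25519 -N '' -C 'demo-user-ca' -f "$dir/user_ca"
    # Key pair for a hypothetical user "norbert".
    ssh-keygen -q -t ed25519 -N '' -C 'norbert@demo' -f "$dir/id_ed25519"
    # Sign the public key: key ID, one principal (login name), 16 hour lifetime.
    # Writes $dir/id_ed25519-cert.pub next to the key.
    ssh-keygen -q -s "$dir/user_ca" -I 'norbert@demo' -n norbert -V +16h \
        "$dir/id_ed25519.pub"
}

# cert_field CERT LABEL: print one field of the `ssh-keygen -L` listing.
cert_field() {
    ssh-keygen -L -f "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p"
}

# cert_signed_by CERT CA_PUB: succeed only if CERT was signed by the key in CA_PUB.
cert_signed_by() {
    want=$(ssh-keygen -l -f "$2" | awk '{print $2}')
    got=$(cert_field "$1" 'Signing CA' | awk '{print $2}')
    [ -n "$want" ] && [ "$want" = "$got" ]
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo "$demo_dir"
cert="$demo_dir/id_ed25519-cert.pub"
echo "type:  $(cert_field "$cert" 'Type')"
echo "valid: $(cert_field "$cert" 'Valid')"
if cert_signed_by "$cert" "$demo_dir/user_ca.pub"; then
    echo "signed by the CA whose public key the hosts would trust"
fi
# Host side, once per server: point sshd at the CA public key (path is an assumption).
echo "sshd_config: TrustedUserCAKeys /etc/ssh/user_ca.pub"
```

On a client, running `ssh-add` on the private key also loads the matching `-cert.pub` file into the agent, so the certificate is held in memory for the session.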