This repository has been archived by the owner on Nov 8, 2021. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 290
SaveUserName must be Unsave in authorized_keys_command #27
Comments
Good one ;-) |
Closed
michaelwittig
pushed a commit
that referenced
this issue
Apr 4, 2017
* If defined, use IAM AssumeRole to fetch users and ssh keys from another AWS account * Untested: Fold the ability to use IAM AssumeRole in the showcase CF template * Import only specified IAM groups While trying to implement this feature looking at the many forks, I decided to mix the various implementations into something for ourselves. Split up the script in functions Created some meaningfull global variables * Change variable name so its the same as in the import_users.sh. Use read -r * Restore ability to import all users by leaving IAM_AUTHORIZED_GROUPS empty * Restore ability to specify an IAM group that should be added to sudo * Add assumerole to install.sh * Document how to setup cross account access * Use same markdown style as the README.md * Default to import all IAM users and update install.sh to explain how to limit the IAM groups to import * Make the LOCAL_GROUPS optional and document in install.sh * Handle iam users with a dash in the name * Remove users no longer in the IAM groups we give access to the instance * Handle the situation where a user is in more then one IAM group we want to sync * use full path to usermod binary * some more absolute paths to binaries that are normally not in the $PATH of cron * And use absolute path to groupadd as well since cron could not find it * fix typo * Allow usernames with a dash. Thanks for spotting this one @malytic * When checking the ssh key, make sure we transform the "save" username back to the original IAM "unsave" username. Fixes upstream issue #27
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Instead of
the username must be changed in the opposite direction:
(reported via email
The text was updated successfully, but these errors were encountered: