My SSH server is configured to use certificate authentication, so it will trust anyone who presents a certificate issued by the user CA when they connect.

For reasons related to audit logs, I don't want my server admins to access the server with root. Which would be the standard way to have user accounts created in the server, so admins can log in using their own accounts?

I'm thinking of a flow like this:

  1. Alice, server administrator, wants to access server1.
  2. She uses her SSH certificate signed by the user CA to connect to server1 issuing the command ssh alice@server1 (the certificate is stored in her local SSH agent).
  3. server1 checks Alice's certificate signature and confirms it was issued by the user CA (using the public key specified by the TrustedUserCAKeys key in the sshd_config file).
  4. server1 sends its host certificate to Alice, which gets validated by the ssh client using the host CA's public key in the known_hosts file.
  5. The server creates the alice user locally, along with its home directory and group bindings. Here's where I need your magic.
  6. Alice gets a shell with user alice in server1 and does her admin stuff.
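
For step 3 of the flow above, an added example (not part of the original post) of the checks that apply on top of the CA signature when only TrustedUserCAKeys is set: the certificate must be a user certificate, be inside its validity window, and list the login name among its principals. It assumes an ssh-ed25519 certificate and does not verify the signature; `sample_cert`, its key ID and its timestamps are constructed for illustration.

```python
import base64
import struct

KEY_TYPE = b"ssh-ed25519-cert-v01@openssh.com"
CERT_TYPE_USER = 1  # SSH2_CERT_TYPE_USER; host certificates use 2

def ssh_string(data):
    """Encode an SSH wire-format string: uint32 length + bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf, off):
    (length,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated certificate")
    return buf[off + 4:end], end

def parse_cert(pub_line):
    """Parse the fields sshd uses for authorization from a *-cert.pub line."""
    blob = base64.b64decode(pub_line.split()[1])
    key_type, off = read_string(blob, 0)
    if key_type != KEY_TYPE:
        raise ValueError("unsupported certificate type")
    _nonce, off = read_string(blob, off)
    _pubkey, off = read_string(blob, off)
    _serial, cert_type = struct.unpack_from(">QI", blob, off)
    key_id, off = read_string(blob, off + 12)
    packed, off = read_string(blob, off)
    valid_after, valid_before = struct.unpack_from(">QQ", blob, off)
    principals, pos = [], 0
    while pos < len(packed):  # principals are a packed list of SSH strings
        name, pos = read_string(packed, pos)
        principals.append(name.decode())
    return {"type": cert_type, "key_id": key_id.decode(), "principals": principals,
            "valid_after": valid_after, "valid_before": valid_before}

def login_allowed(cert, user, now):
    """True only for a user cert, valid at `now`, that names `user` as a principal."""
    return (cert["type"] == CERT_TYPE_USER and user in cert["principals"]
            and cert["valid_after"] <= now < cert["valid_before"])

def sample_cert(principals, cert_type=CERT_TYPE_USER, after=1000, before=2000):
    # Constructed blob: zeroed nonce, keys and signature; not usable for real auth.
    body = (ssh_string(KEY_TYPE) + ssh_string(b"\0" * 32) + ssh_string(b"\0" * 32)
            + struct.pack(">QI", 1, cert_type) + ssh_string(b"alice@example")
            + ssh_string(b"".join(ssh_string(p.encode()) for p in principals))
            + struct.pack(">QQ", after, before)
            + ssh_string(b"") * 3 + ssh_string(b"\0" * 51) + ssh_string(b"\0" * 83))
    return KEY_TYPE.decode() + " " + base64.b64encode(body).decode()
```

Any provisioning done in step 5 should be keyed to a principal that passes this check, not to the username the client requested.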
