Successfully validated SSH key
ssh -i id_rsa.pub email@example.com
Any username works… user1, root, user2, etc…
How does the cert get bound to a single user, or is this a bug?
The SSH server will control access. There are multiple options available for matching in SSH configuration files. Below is an example in /etc/ssh/sshd_config of matching different principals, which are referred to as roles in Pritunl Zero, for user
/etc/ssh/principals_example2 files can then contain a list of Pritunl Zero roles that will permit access to that user if the Pritunl Zero user has a matching role. The Match all line will close out the previous Match statement. There are multiple Match parameters available including Match host to create rules for specific client IP addresses.
Match user example1
Match user example2
If I have 200 users who may need access, and I want attribution to each of the users – I would need 200 user matches configured across each system? Basically assigning a named role for each?
The system is designed around role based access with groups of users being assigned different roles. Each user would need to be assigned a unique role to control access for individual users.
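The check discussed in this thread, as an added example that is not code from the thread or from Pritunl Zero: a simplified Python model of how sshd resolves AuthorizedPrincipalsFile per account and compares it with the principals (roles) in a certificate. The sshd_config fragment, the principals file contents and the role names admin and developer are constructed assumptions.

```python
# Simplified model of sshd's certificate principal check (not sshd itself).
# Every path, account and role below is constructed for illustration.
SSHD_CONFIG = """\
Match User example1
    AuthorizedPrincipalsFile /etc/ssh/principals_example1
Match User example2
    AuthorizedPrincipalsFile /etc/ssh/principals_example2
Match all
"""
PRINCIPALS_FILES = {
    "/etc/ssh/principals_example1": "# roles allowed as example1\nadmin\n",
    "/etc/ssh/principals_example2": "admin\ndeveloper\n",
}

def principals_file_for(config, user):
    """Resolve AuthorizedPrincipalsFile for `user`.

    Supports only 'Match User a,b' and 'Match all'. A value in a satisfied
    Match block overrides the global one; the first such value wins.
    """
    applies, in_match, global_value = True, False, None
    for raw in config.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        key = words[0].lower()
        if key == "match":
            in_match, crit = True, words[1].lower()
            applies = crit == "all" or (crit == "user" and user in words[2].split(","))
        elif key == "authorizedprincipalsfile" and applies:
            if in_match:
                return words[1].replace("%u", user)
            global_value = global_value or words[1]
    return global_value.replace("%u", user) if global_value else None

def allowed_principals(text):
    """One principal per line; blank lines and '#' comments are ignored."""
    lines = (l.strip() for l in text.splitlines())
    # The principal is the last field; leading key options are skipped.
    return {l.split()[-1] for l in lines if l and not l.startswith("#")}

def may_login(cert_principals, user):
    """True if a certificate with these principals (roles) may log in as `user`."""
    path = principals_file_for(SSHD_CONFIG, user)
    if path is None:
        # No principals file: sshd requires the username itself as a principal.
        return user in cert_principals
    allowed = allowed_principals(PRINCIPALS_FILES.get(path, ""))
    return bool(allowed & set(cert_principals))
```

A single global line such as AuthorizedPrincipalsFile /etc/ssh/principals_%u resolves to one file per account without a Match block for each, since %u is a standard sshd_config token for the target username.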