Support for certificate based authentication #452
Comments
carlo-quinonez
changed the title
|
yes both downstream and upstream but need a customized plugin to do the ca verification auth downstream in your case only right? |
|
to verify downstream ca, need new custom plugin |
|
Yes, we only need to use certificate authentication of the user that's initiating the ssh connection. And just want to confirm my understanding...
|
|
correct may i know which plugin you're using, i can add ca check support |
|
At the moment, we're (re)planning out a solution. full contextWe designed, implemented and tested a solution based on ssh-piper V0, but project lost momentum and we never deployed it to production. The entire solution consisted of ssh-piper and AWS Step Functions to orchestrate transient jump hosts. The lifecycle of the jump host was tied to the lifecycle of the support case. The solution involved two instances of ssh-piper, one to handle routing connections from our field service engineerings, and the second instance handled routing connections from the devices. We needed two instances of ssh-piper because people and machines needed to authenticate differently... Now, we've been asked to resurrect the solution AND enhance it to support certificate based authentication and I'm trying to wrap my head around what, if any, changes we need to make to the prior solution. |
|
We were using the old database plugin |
|
i would suggest to take a look at https://github.com/tg123/sshpiper-openpubkey also, CA support will be first added to |
I searched and saw some issues and even a PR that were relevant to certificate support, but it wasn't clear what plugin supports this nor how to configure it.
Our company has setup Step CA to enable certificate-based SSH access for service persons supporting customers with the devices we sell.
Does ssh-piper support certificate-based SSH authentication?
The text was updated successfully, but these errors were encountered: