Keep proxycommand from sending the SSH user as a principal. #900
Unanswered
flatheadmill
asked this question in
General
Replies: 3 comments 3 replies
-
Realize this is more of a |
Beta Was this translation helpful? Give feedback.
3 replies
-
Related to smallstep/cli#807 |
Beta Was this translation helpful? Give feedback.
0 replies
-
@flatheadmill, @Janhouse This PR might fix this issue #1206 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I've configured SSH to use
~/.ssh/authorized_principals
so that a userfred.flinstone@slate.com
can log in usingfred@mysql.state.com
. When the user key expires,step ssh proxycommand
will send a signing request with the principalfred
which is rejected with ...I tell Fred to just use
step ssh login
for now.Is there a way to tell
step ssh proxycommand
to just use the email returned from the OIDC token?I'm aware that I can solve this by writing an alternative to
step ssh proxycommand
. Just want to make sure I'm not missing anything.Beta Was this translation helpful? Give feedback.
All reactions