RAC SSH Public Key Authentication
About RAC SSH public key authentication
The RAC provider supports SSH public key authentication. This allows for secure connections to SSH endpoints without the use of passwords.
SSH private keys can be configured via several methods:
Apply a private key to an RAC provider
- Log in to authentik as an administrator, and open the authentik Admin interface.
- Navigate to Applications > Providers.
- Click the Edit icon on the RAC provider that requires public key authentication.
- In the Settings codebox enter the private key of the endpoint, for example:
private-key:
-----BEGIN SSH PRIVATE KEY-----
SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
-----END SSH PRIVATE KEY----- - Click Update.
Apply a private key to an RAC endpoint
- Log in to authentik as an administrator, and open the authentik Admin interface.
- Navigate to Applications > Providers.
- Click the name of the RAC provider that the endpoint belongs to.
- Under Endpoints- click on the Edit icon next to the endpoint that requires public key authentication.
- Under Advanced settings, in the Settings codebox enter the private key of the endpoint:
private-key:
-----BEGIN SSH PRIVATE KEY-----
SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
-----END SSH PRIVATE KEY----- - Click Update.
Apply a private key to an RAC property mapping
-
Log in to authentik as an administrator, and open the authentik Admin interface.
-
Navigate to Customization > Property Mappings and click Create, then create a RAC Provider Property Mapping with the following settings:
- Name: Choose a descriptive name
- Under Advanced Settings:
- Expression:
return {
"private-key": "-----BEGIN SSH PRIVATE KEY-----
SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
-----END SSH PRIVATE KEY-----",
} -
Click Finish.
-
Navigate to Applications > Providers.
-
Click the Edit icon on the RAC provider that requires public key authentication.
-
Under Protocol Settings add the newly created property mapping to Selected Property Mappings.
-
Click Update.
Retrieve a private key from a user's attributes and apply it to an RAC property mapping
-
Log in to authentik as an administrator, and open the authentik Admin interface.
-
Navigate to Customization > Property Mappings and click Create. Create a RAC Provider Property Mapping with the following settings:
- Name: Choose a descriptive name
- Under Advanced Settings:
- Expression:
return {
"private-key": request.user.attributes.get("<private-key-attribute-name>", "default"),
}
-
Click Finish.
-
Navigate to Applications > Providers.
-
Click the Edit icon on the RAC provider that requires public key authentication.
-
Under Protocol Settings, add the newly created property mapping to Selected Property Mappings.
-
Click Update.
For group attributes, the following expression can be used request.user.group_attributes(request.http_request)