updated ssh usage and known issues with platform 0.6

author: elijah <elijah@riseup.net> 2014-12-17 16:18:29 -0800
committer: elijah <elijah@riseup.net> 2014-12-17 16:18:29 -0800
commit: 5e09e3157fc608ef8f293dfeda813d0eda2027e4 (patch)
tree: fc8903fda60ba135e9509c27d27b6114d74d241a /docs/platform/guide/keys-and-certificates.md
parent: 6d57d0af2b684b31ed6074875029ee2c82f7f9b8 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/docs/platform/guide/keys-and-certificates.md b/docs/platform/guide/keys-and-certificates.md
index bd7f349..6139acd 100644
--- a/docs/platform/guide/keys-and-certificates.md
+++ b/docs/platform/guide/keys-and-certificates.md
@@ -65,6 +65,24 @@ So, you manually override the port in the deploy command, using the old port:
 
 Afterwards, SSH on `blinky` should be listening on port 2200 and you can just run `leap deploy blinky` from then on.
 
+Sysadmins with multiple SSH keys
+-----------------------------------
+
+The command `leap add-user --self` allows only one SSH key. If you want to specify more than one key for a user, you can do it manually:
+
+    users/userx/userx_ssh.pub
+    users/userx/otherkey_ssh.pub
+
+All keys matching 'userx/*_ssh.pub' will be usable.
+
+Removing sysadmin access
+--------------------------------
+
+Suppose you want to remove `userx` from having any further ssh access to the servers. Do this:
+
+    rm -r users/userx
+    leap deploy
+
 X.509 Certificates
 ================================
author	elijah <elijah@riseup.net>	2014-12-17 16:18:29 -0800
committer	elijah <elijah@riseup.net>	2014-12-17 16:18:29 -0800
commit	5e09e3157fc608ef8f293dfeda813d0eda2027e4 (patch)
tree	fc8903fda60ba135e9509c27d27b6114d74d241a /docs/platform/guide/keys-and-certificates.md
parent	6d57d0af2b684b31ed6074875029ee2c82f7f9b8 (diff)