From 5e09e3157fc608ef8f293dfeda813d0eda2027e4 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Wed, 17 Dec 2014 16:18:29 -0800
Subject: updated ssh usage and known issues with platform 0.6

---
 docs/platform/guide/keys-and-certificates.md | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'docs/platform/guide/keys-and-certificates.md')

diff --git a/docs/platform/guide/keys-and-certificates.md b/docs/platform/guide/keys-and-certificates.md
index bd7f349..6139acd 100644
--- a/docs/platform/guide/keys-and-certificates.md
+++ b/docs/platform/guide/keys-and-certificates.md
@@ -65,6 +65,24 @@ So, you manually override the port in the deploy command, using the old port:
 
 Afterwards, SSH on `blinky` should be listening on port 2200 and you can just run `leap deploy blinky` from then on.
 
+Sysadmins with multiple SSH keys
+-----------------------------------
+
+The command `leap add-user --self` allows only one SSH key. If you want to specify more than one key for a user, you can do it manually:
+
+    users/userx/userx_ssh.pub
+    users/userx/otherkey_ssh.pub
+
+All keys matching 'userx/*_ssh.pub' will be usable.
+
+Removing sysadmin access
+--------------------------------
+
+Suppose you want to remove `userx` from having any further ssh access to the servers. Do this:
+
+    rm -r users/userx
+    leap deploy
+
 X.509 Certificates
 ================================
 
-- 
cgit v1.2.3