summaryrefslogtreecommitdiff
path: root/doc/guide/keys-and-certificates.md
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2015-06-11 10:36:16 -0400
committerMicah Anderson <micah@leap.se>2015-06-11 10:36:16 -0400
commit49513b828f019a0eb7c6f5082f6e9d817136904a (patch)
tree16de1ce8a4859c3c14fdc280446502caf6b368cc /doc/guide/keys-and-certificates.md
parent18e247ae29e7ee787e350724e2884da0a74bbd63 (diff)
update /doc dir with latest from leap docs/platform
Change-Id: If4bcf7e2139b672c3e38f55e54d1f121a5601860
Diffstat (limited to 'doc/guide/keys-and-certificates.md')
-rw-r--r--doc/guide/keys-and-certificates.md22
1 files changed, 20 insertions, 2 deletions
diff --git a/doc/guide/keys-and-certificates.md b/doc/guide/keys-and-certificates.md
index bd7f3495..aef02ac6 100644
--- a/doc/guide/keys-and-certificates.md
+++ b/doc/guide/keys-and-certificates.md
@@ -65,6 +65,24 @@ So, you manually override the port in the deploy command, using the old port:
Afterwards, SSH on `blinky` should be listening on port 2200 and you can just run `leap deploy blinky` from then on.
+Sysadmins with multiple SSH keys
+-----------------------------------
+
+The command `leap add-user --self` allows only one SSH key. If you want to specify more than one key for a user, you can do it manually:
+
+ users/userx/userx_ssh.pub
+ users/userx/otherkey_ssh.pub
+
+All keys matching 'userx/*_ssh.pub' will be usable.
+
+Removing sysadmin access
+--------------------------------
+
+Suppose you want to remove `userx` from having any further ssh access to the servers. Do this:
+
+ rm -r users/userx
+ leap deploy
+
X.509 Certificates
================================
@@ -153,7 +171,7 @@ This command will generate the CSR and private key matching `provider.domain` (y
The related commercial cert files are:
files/
- certs/
+ cert/
domain.org.crt # Server certificate for domain.org, obtained by commercial CA.
domain.org.csr # Certificate signing request
domain.org.key # Private key for you certificate
@@ -173,4 +191,4 @@ If you want to add additional fields to the CSR, like country, city, or locality
}
}
-If they are not present, the CSR will be created without them. \ No newline at end of file
+If they are not present, the CSR will be created without them.