diff options
author | Micah Anderson <micah@leap.se> | 2015-06-11 12:10:09 -0400 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2015-06-11 12:10:09 -0400 |
commit | b429b30bda4dafc78cb02f6ece5d82f08e35de1f (patch) | |
tree | 37efc30a4fcb642dec583c3accea76f7a7de9c39 /doc/guide/keys-and-certificates.md | |
parent | 67b2bea2dfcfb06191bf5ed562309f264c6aed8c (diff) | |
parent | d9146415db0e6b7dd0c945039c0a4ed4fd054a7d (diff) |
Merge tag '0.7.0'
Releasing 0.7.0
Diffstat (limited to 'doc/guide/keys-and-certificates.md')
-rw-r--r-- | doc/guide/keys-and-certificates.md | 22 |
1 files changed, 20 insertions, 2 deletions
diff --git a/doc/guide/keys-and-certificates.md b/doc/guide/keys-and-certificates.md index bd7f3495..aef02ac6 100644 --- a/doc/guide/keys-and-certificates.md +++ b/doc/guide/keys-and-certificates.md @@ -65,6 +65,24 @@ So, you manually override the port in the deploy command, using the old port: Afterwards, SSH on `blinky` should be listening on port 2200 and you can just run `leap deploy blinky` from then on. +Sysadmins with multiple SSH keys +----------------------------------- + +The command `leap add-user --self` allows only one SSH key. If you want to specify more than one key for a user, you can do it manually: + + users/userx/userx_ssh.pub + users/userx/otherkey_ssh.pub + +All keys matching 'userx/*_ssh.pub' will be usable. + +Removing sysadmin access +-------------------------------- + +Suppose you want to remove `userx` from having any further ssh access to the servers. Do this: + + rm -r users/userx + leap deploy + X.509 Certificates ================================ @@ -153,7 +171,7 @@ This command will generate the CSR and private key matching `provider.domain` (y The related commercial cert files are: files/ - certs/ + cert/ domain.org.crt # Server certificate for domain.org, obtained by commercial CA. domain.org.csr # Certificate signing request domain.org.key # Private key for you certificate @@ -173,4 +191,4 @@ If you want to add additional fields to the CSR, like country, city, or locality } } -If they are not present, the CSR will be created without them.
\ No newline at end of file +If they are not present, the CSR will be created without them. |