summaryrefslogtreecommitdiff
path: root/doc/guide/keys-and-certificates.md
diff options
context:
space:
mode:
authorMicah Anderson <micah@leap.se>2015-06-11 12:10:09 -0400
committerMicah Anderson <micah@leap.se>2015-06-11 12:10:09 -0400
commitb429b30bda4dafc78cb02f6ece5d82f08e35de1f (patch)
tree37efc30a4fcb642dec583c3accea76f7a7de9c39 /doc/guide/keys-and-certificates.md
parent67b2bea2dfcfb06191bf5ed562309f264c6aed8c (diff)
parentd9146415db0e6b7dd0c945039c0a4ed4fd054a7d (diff)
Merge tag '0.7.0'
Releasing 0.7.0
Diffstat (limited to 'doc/guide/keys-and-certificates.md')
-rw-r--r--doc/guide/keys-and-certificates.md22
1 files changed, 20 insertions, 2 deletions
diff --git a/doc/guide/keys-and-certificates.md b/doc/guide/keys-and-certificates.md
index bd7f3495..aef02ac6 100644
--- a/doc/guide/keys-and-certificates.md
+++ b/doc/guide/keys-and-certificates.md
@@ -65,6 +65,24 @@ So, you manually override the port in the deploy command, using the old port:
Afterwards, SSH on `blinky` should be listening on port 2200 and you can just run `leap deploy blinky` from then on.
+Sysadmins with multiple SSH keys
+-----------------------------------
+
+The command `leap add-user --self` allows only one SSH key. If you want to specify more than one key for a user, you can do it manually:
+
+ users/userx/userx_ssh.pub
+ users/userx/otherkey_ssh.pub
+
+All keys matching 'userx/*_ssh.pub' will be usable.
+
+Removing sysadmin access
+--------------------------------
+
+Suppose you want to remove `userx` from having any further ssh access to the servers. Do this:
+
+ rm -r users/userx
+ leap deploy
+
X.509 Certificates
================================
@@ -153,7 +171,7 @@ This command will generate the CSR and private key matching `provider.domain` (y
The related commercial cert files are:
files/
- certs/
+ cert/
domain.org.crt # Server certificate for domain.org, obtained by commercial CA.
domain.org.csr # Certificate signing request
domain.org.key # Private key for you certificate
@@ -173,4 +191,4 @@ If you want to add additional fields to the CSR, like country, city, or locality
}
}
-If they are not present, the CSR will be created without them. \ No newline at end of file
+If they are not present, the CSR will be created without them.