Skip to content

Simple authorization

Authorizes a user request via stored credentials.

Properties

type

Authorization Type = "simple"

Has to be set to simple to enable simple authorization.

entries

[]Entry

Each entry will be inspected to check if a remote user should be authorized.

Entry

Always one property of the following properties has to match in combination with name:

Properties

name

string

Name the remote user has to have.

Like: ssh <name>@my-great-domain.tld to match this entry.

authorizedKeys

Contains SSH Public Keys in the format of classic authorized keys.

authorizedKeysFile

Similar to authorizedKeys, but in a dedicated file.

password

Password (if user uses interactive or password authentication method) to be evaluated against.

passwordFile

Same as password, but is receiving the value from this file.

If both properties are defined and have values, password will be used.

createPasswordFileIfAbsentOfType

If this property is provided and passwordFile is defined, but does not exist, the file will be generated with a random password of this type.

The result will be printed into the startup logs of Bifröst.

This feature usually only makes sense for cases where you want to create dummy configurations of Bifröst to demonstrate some functionality, like we're utilizing it in our demonstration configurations: contrib/configurations/simple-inside-docker.yaml.

Context

This authorization will produce a context of type Authorization Simple.

Examples

  1. Using plain password:
    1
    2
    3
    4
    type: simple
    entries:
      - name: foo
        password: plain:bar
    
  2. Using authorized keys:
    1
    2
    3
    4
    5
    type: simple
    entries:
      - name: foo
        authorizedKeys: |
          ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC80lm5FQbbyRUut6RwZJRbxTLO3W4f08ITDi9fA3+jx foo@foo.tld
    

Compatibility

linux windows
/ /