Simple authorization
Authorizes a user request via stored credentials.
Properties
type
Authorization Type = "simple"
Has to be set to simple
to enable simple authorization.
entries
[]Entry
Each entry will be inspected to check if a remote user should be authorized.
Entry
Always one property of the following properties has to match in combination with name
:
Properties
name
string
Name the remote user has to have.
Like: ssh <name>@my-great-domain.tld
to match this entry.
authorizedKeys
Contains SSH Public Keys in the format of classic authorized keys.
authorizedKeysFile
Similar to authorizedKeys
, but in a dedicated file.
password
Password (if user uses interactive or password authentication method) to be evaluated against.
passwordFile
Same as password
, but is receiving the value from this file.
If both properties are defined and have values, password
will be used.
createPasswordFileIfAbsentOfType
If this property is provided and passwordFile
is defined, but does not exist, the file will be generated with a random password of this type.
The result will be printed into the startup logs of Bifröst.
This feature usually only makes sense for cases where you want to create dummy configurations of Bifröst to demonstrate some functionality, like we're utilizing it in our demonstration configurations: contrib/configurations/simple-inside-docker.yaml.
Context
This authorization will produce a context of type Authorization Simple.
Examples
- Using plain password:
1 2 3 4
type: simple entries: - name: foo password: plain:bar
- Using authorized keys:
1 2 3 4 5
type: simple entries: - name: foo authorizedKeys: | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC80lm5FQbbyRUut6RwZJRbxTLO3W4f08ITDi9fA3+jx foo@foo.tld
Compatibility
linux |
windows |
---|---|
/ | / |