My SSH server is configured to use certificate authentication, so it will trust anyone who presents a certificate issued by the user CA when they connect.
For reasons related to audit logs, I don't want my server admins to access the server as root. What would be the standard way to have user accounts created on the server, so admins can log in using their own accounts?
I'm thinking of a flow like this:
- Alice, server administrator, wants to access server1.
- She uses her SSH certificate signed by the user CA to connect to server1, issuing the command `ssh alice@server1` (the certificate is stored in her local SSH agent).
- server1 checks Alice's certificate signature and confirms it was issued by the user CA, using the public key specified by the `TrustedUserCAKeys` key in the `sshd_config` file.
- server1 sends its host certificate to Alice, which gets validated by the ssh client using the host CA's public key in the `known_hosts` file.
- The server creates the `alice` user locally, along with its home directory and group bindings. Here's where I need your magic.
- Alice gets a shell with user `alice` in server1 and does her admin stuff.
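The first four steps of the flow above, carried through with throwaway keys as an added example (this is not part of the original question and not anyone's production setup). It assumes OpenSSH's `ssh-keygen` is installed; the CA names, the key ID `alice-laptop`, the host name `server1.example.com` and the validity periods are constructed for the example. It builds a user CA and a host CA, signs a certificate for the principal `alice` and a host certificate for server1, writes the two trust anchors the question mentions (`TrustedUserCAKeys` in `sshd_config`, `@cert-authority` in `known_hosts`) as fragments, and then performs the same checks server1 and Alice's client would make: that each certificate is of the right type, carries the expected principal, and was signed by the expected CA.

```shell
#!/bin/sh
# Added example, not from the original post: throwaway SSH user CA and host CA,
# a user certificate for "alice", a host certificate for server1, and the checks
# that sshd and the ssh client perform on them. Requires ssh-keygen (assumption).
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

build_pki() {
  # Two CAs, as in the question. Constructed here; never reuse for real hosts.
  ssh-keygen -q -t ed25519 -N '' -C user_ca -f "$WORK/user_ca"
  ssh-keygen -q -t ed25519 -N '' -C host_ca -f "$WORK/host_ca"

  # Alice's key plus her user certificate. The principal "alice" is what sshd
  # matches against the login name in "ssh alice@server1"; short validity on purpose.
  ssh-keygen -q -t ed25519 -N '' -C alice -f "$WORK/alice"
  ssh-keygen -q -s "$WORK/user_ca" -I alice-laptop -n alice -V +8h "$WORK/alice.pub"

  # server1's host key and host certificate, signed by the host CA (-h = host cert).
  ssh-keygen -q -t ed25519 -N '' -C server1 -f "$WORK/server1_host"
  ssh-keygen -q -s "$WORK/host_ca" -I server1 -h -n server1,server1.example.com \
    -V +52w "$WORK/server1_host.pub"

  # Trust anchor on server1: sshd_config points at the user CA public key.
  printf 'TrustedUserCAKeys /etc/ssh/user_ca.pub\n' > "$WORK/sshd_config.fragment"
  # Trust anchor on Alice's machine: known_hosts names the host CA for server1.
  printf '@cert-authority server1,server1.example.com %s\n' \
    "$(cut -d' ' -f1,2 "$WORK/host_ca.pub")" > "$WORK/known_hosts.fragment"
}

# cert_check CERT TYPE PRINCIPAL -> "ok" if the certificate is a TYPE ("user" or
# "host") certificate listing PRINCIPAL, "skipped" if the PKI was never built.
cert_check() {
  [ -f "$1" ] || { echo skipped; return; }
  out="$(ssh-keygen -L -f "$1")"
  if printf '%s\n' "$out" | grep -q "$2 certificate" &&
     printf '%s\n' "$out" | grep -Eq "^[[:space:]]+$3\$"; then
    echo ok
  else
    echo bad
  fi
}

# issued_by CERT CA_PUB -> "ok" if CERT's "Signing CA" fingerprint is CA_PUB's.
# This is the check server1 makes with TrustedUserCAKeys and the client with
# @cert-authority, expressed with ssh-keygen only.
issued_by() {
  [ -f "$1" ] || { echo skipped; return; }
  ca_fp="$(ssh-keygen -lf "$2" | awk '{print $2}')"
  if ssh-keygen -L -f "$1" | grep -F 'Signing CA:' | grep -qF -- "$ca_fp"; then
    echo ok
  else
    echo bad
  fi
}

# Convenience wrappers so the four checks can be called by name.
alice_cert_ok()   { cert_check "$WORK/alice-cert.pub" user alice; }
alice_ca_ok()     { issued_by  "$WORK/alice-cert.pub" "$WORK/user_ca.pub"; }
server1_cert_ok() { cert_check "$WORK/server1_host-cert.pub" host server1; }
server1_ca_ok()   { issued_by  "$WORK/server1_host-cert.pub" "$WORK/host_ca.pub"; }
# A user cert must not pass as a host cert, and the user CA must not vouch for server1.
cross_type_bad()  { cert_check "$WORK/alice-cert.pub" host alice; }
cross_ca_bad()    { issued_by  "$WORK/server1_host-cert.pub" "$WORK/user_ca.pub"; }

if command -v ssh-keygen >/dev/null 2>&1; then
  build_pki
  printf 'alice user cert:   %s / signed by user CA: %s\n' "$(alice_cert_ok)" "$(alice_ca_ok)"
  printf 'server1 host cert: %s / signed by host CA: %s\n' "$(server1_cert_ok)" "$(server1_ca_ok)"
  cat "$WORK/sshd_config.fragment" "$WORK/known_hosts.fragment"
fi
```

The two negative checks at the end matter in practice: a certificate's type (user vs. host) and its principal list are part of what the CA signs, so a host certificate cannot be presented as a login credential and the user CA in `TrustedUserCAKeys` says nothing about host identity. That separation is what lets the host CA's public key live in every admin's `known_hosts` while the user CA's public key lives only on the servers.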