website/docs: improve-rac-documents (#14414)
* Updated sidebar * Started updating how to rac doc * Added rac public key doc * Changed to how to doc * Change wording * Removed mentions of SSH because public key auth can be used for RDP too * Removed more mentions of SSH * Changed some language and formatting * Added document explaining the use of other guacamole connection settings. * Updated SSH doc to include other methods of how to apply connection settings and updated the rac-settings doc to refer to the SSH doc. * Significant changes - Removed rac-settings page and merged it into the overview/index page. Applied suggestions from Tana and Dominic in how-to-rac and rac-public-ket. * Lint fix * Addressing build issues * Update website/docs/add-secure-apps/providers/rac/how-to-rac.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Dewi Roberts <dewi@goauthentik.io> * Update website/docs/add-secure-apps/providers/rac/how-to-rac.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Dewi Roberts <dewi@goauthentik.io> * Update website/docs/add-secure-apps/providers/rac/how-to-rac.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Dewi Roberts <dewi@goauthentik.io> * Update website/docs/add-secure-apps/providers/rac/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Dewi Roberts <dewi@goauthentik.io> * Update website/docs/add-secure-apps/providers/rac/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Dewi Roberts <dewi@goauthentik.io> * Update website/docs/add-secure-apps/providers/rac/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Dewi Roberts <dewi@goauthentik.io> * Update website/docs/add-secure-apps/providers/rac/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Dewi Roberts <dewi@goauthentik.io> * Shorter headers and removed text block as Tana suggested. * Update website/docs/add-secure-apps/providers/rac/how-to-rac.md Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> * Update website/docs/add-secure-apps/providers/rac/how-to-rac.md Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> * test tweak * few tweaks * more polish * tweak * fix typo whah --------- Signed-off-by: Dewi Roberts <dewi@goauthentik.io> Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Co-authored-by: Tana M Berry <tana@goauthentik.io>
This commit is contained in:
Dewi Roberts
103
website/docs/add-secure-apps/providers/rac/rac-public-key.md
Normal file
103
website/docs/add-secure-apps/providers/rac/rac-public-key.md
Normal file
@ -0,0 +1,103 @@
|
||||
---
|
||||
title: RAC SSH Public Key Authentication
|
||||
---
|
||||
|
||||
## About RAC SSH public key authentication
|
||||
|
||||
The RAC provider supports SSH public key authentication. This allows for secure connections to SSH endpoints without the use of passwords.
|
||||
|
||||
SSH private keys can be configured via several methods:
|
||||
|
||||
## Apply a private key to an RAC provider
|
||||
|
||||
1. Log in to authentik as an administrator, and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Providers**.
|
||||
3. Click the **Edit** icon on the RAC provider that requires public key authentication.
|
||||
4. In the **Settings** codebox enter the private key of the endpoint, for example:
|
||||
```python
|
||||
private-key:
|
||||
-----BEGIN SSH PRIVATE KEY-----
|
||||
SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
|
||||
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
|
||||
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
|
||||
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
|
||||
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
|
||||
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
|
||||
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
|
||||
-----END SSH PRIVATE KEY-----
|
||||
```
|
||||
5. Click **Update**.
|
||||
|
||||
## Apply a private key to an RAC endpoint
|
||||
|
||||
1. Log in to authentik as an administrator, and open the authentik Admin interface.
|
||||
2. Navigate to **Applications** > **Providers**.
|
||||
3. Click the name of the RAC provider that the endpoint belongs to.
|
||||
4. Under **Endpoints**- click on the **Edit** icon next to the endpoint that requires public key authentication.
|
||||
5. Under **Advanced settings**, in the **Settings** codebox enter the private key of the endpoint:
|
||||
```python
|
||||
private-key:
|
||||
-----BEGIN SSH PRIVATE KEY-----
|
||||
SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
|
||||
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
|
||||
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
|
||||
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
|
||||
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
|
||||
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
|
||||
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
|
||||
-----END SSH PRIVATE KEY-----
|
||||
```
|
||||
6. Click **Update**.
|
||||
|
||||
## Apply a private key to an RAC property mapping
|
||||
|
||||
1. Log in to authentik as an administrator, and open the authentik Admin interface.
|
||||
2. Navigate to **Customization** > **Property Mappings** and click **Create**, then create a **RAC Provider Property Mapping** with the following settings:
|
||||
|
||||
- **Name**: Choose a descriptive name
|
||||
- Under **Advanced Settings**:
|
||||
- **Expression**:
|
||||
|
||||
```python
|
||||
return {
|
||||
"private-key": "-----BEGIN SSH PRIVATE KEY-----
|
||||
SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
|
||||
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
|
||||
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
|
||||
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
|
||||
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
|
||||
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
|
||||
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
|
||||
-----END SSH PRIVATE KEY-----",
|
||||
}
|
||||
```
|
||||
|
||||
3. Click **Finish**.
|
||||
4. Navigate to **Applications** > **Providers**.
|
||||
5. Click the **Edit** icon on the RAC provider that requires public key authentication.
|
||||
6. Under **Protocol Settings** add the newly created property mapping to **Selected Property Mappings**.
|
||||
7. Click **Update**.
|
||||
|
||||
## Retrieve a private key from a user's attributes and apply it to an RAC property mapping
|
||||
|
||||
1. Log in to authentik as an administrator, and open the authentik Admin interface.
|
||||
2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **RAC Provider Property Mapping** with the following settings:
|
||||
|
||||
- **Name**: Choose a descriptive name
|
||||
- Under **Advanced Settings**:
|
||||
- **Expression**:
|
||||
```python
|
||||
return {
|
||||
"private-key": request.user.attributes.get("<private-key-attribute-name>", "default"),
|
||||
}
|
||||
```
|
||||
|
||||
3. Click **Finish**.
|
||||
4. Navigate to **Applications** > **Providers**.
|
||||
5. Click the **Edit** icon on the RAC provider that requires public key authentication.
|
||||
6. Under **Protocol Settings**, add the newly created property mapping to **Selected Property Mappings**.
|
||||
7. Click **Update**.
|
||||
|
||||
:::note
|
||||
For group attributes, the following expression can be used `request.user.group_attributes(request.http_request)`
|
||||
:::
|
||||
Reference in New Issue
Block a user