habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
19c5b28cb2510ce6205d08bd9f9ffecadb7df4a8
authentik/website/docs/add-secure-apps/providers/rac/rac-public-key.md
Dewi Roberts 4e932e47c9 website/docs: improve-rac-documents (#14414) 
* Updated sidebar

* Started updating how to rac doc

* Added rac public key doc

* Changed to how to doc

* Change wording

* Removed mentions of SSH because public key auth can be used for RDP too

* Removed more mentions of SSH

* Changed some language and formatting

* Added document explaining the use of other guacamole connection settings.

* Updated SSH doc to include other methods of how to apply connection settings and updated the rac-settings doc to refer to the SSH doc.

* Significant changes - Removed rac-settings page and merged it into the overview/index page. Applied suggestions from Tana and Dominic in how-to-rac and rac-public-ket.

* Lint fix

* Addressing build issues

* Update website/docs/add-secure-apps/providers/rac/how-to-rac.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/add-secure-apps/providers/rac/how-to-rac.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/add-secure-apps/providers/rac/how-to-rac.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/add-secure-apps/providers/rac/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/add-secure-apps/providers/rac/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/add-secure-apps/providers/rac/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Update website/docs/add-secure-apps/providers/rac/index.md

Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>

* Shorter headers and removed text block as Tana suggested.

* Update website/docs/add-secure-apps/providers/rac/how-to-rac.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* Update website/docs/add-secure-apps/providers/rac/how-to-rac.md

Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>

* test tweak

* few tweaks

* more polish

* tweak

* fix typo whah

---------

Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
Co-authored-by: Tana M Berry <tana@goauthentik.io>
2025-05-23 11:02:43 +01:00

4.5 KiB
Raw Blame History

title
title
RAC SSH Public Key Authentication

About RAC SSH public key authentication

The RAC provider supports SSH public key authentication. This allows for secure connections to SSH endpoints without the use of passwords.

SSH private keys can be configured via several methods:

Apply a private key to an RAC provider

  1. Log in to authentik as an administrator, and open the authentik Admin interface.
  2. Navigate to Applications > Providers.
  3. Click the Edit icon on the RAC provider that requires public key authentication.
  4. In the Settings codebox enter the private key of the endpoint, for example: 
    private-key:
    -----BEGIN SSH PRIVATE KEY-----
    SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
    KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
    o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
    TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
    9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
    v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
    /5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
    -----END SSH PRIVATE KEY-----
  5. Click Update.

Apply a private key to an RAC endpoint

  1. Log in to authentik as an administrator, and open the authentik Admin interface.
  2. Navigate to Applications > Providers.
  3. Click the name of the RAC provider that the endpoint belongs to.
  4. Under Endpoints- click on the Edit icon next to the endpoint that requires public key authentication.
  5. Under Advanced settings, in the Settings codebox enter the private key of the endpoint: 
    private-key:
    -----BEGIN SSH PRIVATE KEY-----
    SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
    KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
    o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
    TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
    9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
    v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
    /5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
    -----END SSH PRIVATE KEY-----
  6. Click Update.

Apply a private key to an RAC property mapping

  1. Log in to authentik as an administrator, and open the authentik Admin interface.

  2. Navigate to Customization > Property Mappings and click Create, then create a RAC Provider Property Mapping with the following settings:

    • Name: Choose a descriptive name
    • Under Advanced Settings:
      • Expression:
    return {
"private-key": "-----BEGIN SSH PRIVATE KEY-----
SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
-----END SSH PRIVATE KEY-----",
}

  3. Click Finish.

  4. Navigate to Applications > Providers.

  5. Click the Edit icon on the RAC provider that requires public key authentication.

  6. Under Protocol Settings add the newly created property mapping to Selected Property Mappings.

  7. Click Update.

Retrieve a private key from a user's attributes and apply it to an RAC property mapping

  1. Log in to authentik as an administrator, and open the authentik Admin interface.

  2. Navigate to Customization > Property Mappings and click Create. Create a RAC Provider Property Mapping with the following settings:

    • Name: Choose a descriptive name
    • Under Advanced Settings:
      • Expression:
      return {
"private-key": request.user.attributes.get("<private-key-attribute-name>", "default"),
}

  3. Click Finish.

  4. Navigate to Applications > Providers.

  5. Click the Edit icon on the RAC provider that requires public key authentication.

  6. Under Protocol Settings, add the newly created property mapping to Selected Property Mappings.

  7. Click Update.

:::note For group attributes, the following expression can be used request.user.group_attributes(request.http_request) :::