habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
95d6ffe898b24286c08de1ff7e86442e51a87d8f
authentik/docs/topics/add-secure-apps/providers/rac/rac-public-key.md
Teffen Ellis 582812b3ec website: Flesh out docs split. 
website: Copy files during build.

website: Allow for mixed env builds.

website: Reduce build size.

website: Expose build.

website: Add build memory debugging.

WIP: Disable broken links check to compare memory usage.

website: Update deps.

website: Clean up API paths.

website: Flesh out 3.8 fixes.

Format.

website: Update ignore paths.

Website: Clean up integrations build.

website: Fix paths.

website: Optimize remark.

website: Update deps.

website: Format.

website: Remove linking.

website: Fix paths.

wip: Attempt API only build.

Prep.

Migrate render to runtime. Tidy sidebar.

Clean up templates.

docs: Move directory. WIP

docs: Flesh out split.

website: Fix issue where routes have collisions.
2025-07-01 21:53:19 +02:00

4.5 KiB
Raw Blame History

title
title
RAC SSH Public Key Authentication

About RAC SSH public key authentication

The RAC provider supports SSH public key authentication. This allows for secure connections to SSH endpoints without the use of passwords.

SSH private keys can be configured via several methods:

Apply a private key to an RAC provider

  1. Log in to authentik as an administrator, and open the authentik Admin interface.
  2. Navigate to Applications > Providers.
  3. Click the Edit icon on the RAC provider that requires public key authentication.
  4. In the Settings codebox enter the private key of the endpoint, for example: 
    private-key:
    -----BEGIN SSH PRIVATE KEY-----
    SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
    KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
    o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
    TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
    9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
    v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
    /5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
    -----END SSH PRIVATE KEY-----
  5. Click Update.

Apply a private key to an RAC endpoint

  1. Log in to authentik as an administrator, and open the authentik Admin interface.
  2. Navigate to Applications > Providers.
  3. Click the name of the RAC provider that the endpoint belongs to.
  4. Under Endpoints- click on the Edit icon next to the endpoint that requires public key authentication.
  5. Under Advanced settings, in the Settings codebox enter the private key of the endpoint: 
    private-key:
    -----BEGIN SSH PRIVATE KEY-----
    SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
    KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
    o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
    TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
    9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
    v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
    /5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
    -----END SSH PRIVATE KEY-----
  6. Click Update.

Apply a private key to an RAC property mapping

  1. Log in to authentik as an administrator, and open the authentik Admin interface.

  2. Navigate to Customization > Property Mappings and click Create, then create a RAC Provider Property Mapping with the following settings:

    • Name: Choose a descriptive name
    • Under Advanced Settings:
      • Expression:
    return {
"private-key": "-----BEGIN SSH PRIVATE KEY-----
SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
-----END SSH PRIVATE KEY-----",
}

  3. Click Finish.

  4. Navigate to Applications > Providers.

  5. Click the Edit icon on the RAC provider that requires public key authentication.

  6. Under Protocol Settings add the newly created property mapping to Selected Property Mappings.

  7. Click Update.

Retrieve a private key from a user's attributes and apply it to an RAC property mapping

  1. Log in to authentik as an administrator, and open the authentik Admin interface.

  2. Navigate to Customization > Property Mappings and click Create. Create a RAC Provider Property Mapping with the following settings:

    • Name: Choose a descriptive name
    • Under Advanced Settings:
      • Expression:
      return {
"private-key": request.user.attributes.get("<private-key-attribute-name>", "default"),
}

  3. Click Finish.

  4. Navigate to Applications > Providers.

  5. Click the Edit icon on the RAC provider that requires public key authentication.

  6. Under Protocol Settings, add the newly created property mapping to Selected Property Mappings.

  7. Click Update.

:::note For group attributes, the following expression can be used request.user.group_attributes(request.http_request) :::