habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
cfb4eda1551ee5fbbf5dcd678eecaab754b3528d
authentik/website/docs/add-secure-apps/providers/rac/rac-public-key.md
dependabot[bot] 0b6ab171ce website: bump prettier from 3.5.3 to 3.6.0 in /website (#15199) 
* website: bump prettier from 3.5.3 to 3.6.0 in /website

Bumps [prettier](https://github.com/prettier/prettier) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/prettier/prettier/releases)
- [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prettier/prettier/compare/3.5.3...3.6.0)

---
updated-dependencies:
- dependency-name: prettier
  dependency-version: 3.6.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* format

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-06-23 21:29:14 +02:00

102 lines
4.5 KiB
Markdown
Raw Blame History

---
title: RAC SSH Public Key Authentication
---
## About RAC SSH public key authentication
The RAC provider supports SSH public key authentication. This allows for secure connections to SSH endpoints without the use of passwords.
SSH private keys can be configured via several methods:
## Apply a private key to an RAC provider
1. Log in to authentik as an administrator, and open the authentik Admin interface.
2. Navigate to **Applications** > **Providers**.
3. Click the **Edit** icon on the RAC provider that requires public key authentication.
4. In the **Settings** codebox enter the private key of the endpoint, for example:
```python
private-key:
-----BEGIN SSH PRIVATE KEY-----
SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
-----END SSH PRIVATE KEY-----
```
5. Click **Update**.
## Apply a private key to an RAC endpoint
1. Log in to authentik as an administrator, and open the authentik Admin interface.
2. Navigate to **Applications** > **Providers**.
3. Click the name of the RAC provider that the endpoint belongs to.
4. Under **Endpoints**- click on the **Edit** icon next to the endpoint that requires public key authentication.
5. Under **Advanced settings**, in the **Settings** codebox enter the private key of the endpoint:
```python
private-key:
-----BEGIN SSH PRIVATE KEY-----
SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
-----END SSH PRIVATE KEY-----
```
6. Click **Update**.
## Apply a private key to an RAC property mapping
1. Log in to authentik as an administrator, and open the authentik Admin interface.
2. Navigate to **Customization** > **Property Mappings** and click **Create**, then create a **RAC Provider Property Mapping** with the following settings:
- **Name**: Choose a descriptive name
- Under **Advanced Settings**:
- **Expression**:
```python
return {
"private-key": "-----BEGIN SSH PRIVATE KEY-----
SAMPLEgIBAAJBAKj34GkxFhD90vcNLYLInFEX6Ppy1tPf9Cnzj4p4WGeKLs1Pt8Qu
KUpRKfFLfRYC9AIKjbJTWit+CqvjWYzvQwECAwEAAQJAIJLixBy2qpFoS4DSmoEm
o3qGy0t6z09AIJtH+5OeRV1be+N4cDYJKffGzDa88vQENZiRm0GRq6a+HPGQMd2k
TQIhAKMSvzIBnni7ot/OSie2TmJLY4SwTQAevXysE2RbFDYdAiEBCUEaRQnMnbp7
9mxDXDf6AU0cN/RPBjb9qSHDcWZHGzUCIG2Es59z8ugGrDY+pxLQnwfotadxd+Uy
v/Ow5T0q5gIJAiEAyS4RaI9YG8EWx/2w0T67ZUVAw8eOMB6BIUg0Xcu+3okCIBOs
/5OiPgoTdSy7bcF9IGpSE8ZgGKzgYQVZeN97YE00
-----END SSH PRIVATE KEY-----",
}
```
3. Click **Finish**.
4. Navigate to **Applications** > **Providers**.
5. Click the **Edit** icon on the RAC provider that requires public key authentication.
6. Under **Protocol Settings** add the newly created property mapping to **Selected Property Mappings**.
7. Click **Update**.
## Retrieve a private key from a user's attributes and apply it to an RAC property mapping
1. Log in to authentik as an administrator, and open the authentik Admin interface.
2. Navigate to **Customization** > **Property Mappings** and click **Create**. Create a **RAC Provider Property Mapping** with the following settings:
- **Name**: Choose a descriptive name
- Under **Advanced Settings**:
- **Expression**:
```python
return {
"private-key": request.user.attributes.get("<private-key-attribute-name>", "default"),
}
```
3. Click **Finish**.
4. Navigate to **Applications** > **Providers**.
5. Click the **Edit** icon on the RAC provider that requires public key authentication.
6. Under **Protocol Settings**, add the newly created property mapping to **Selected Property Mappings**.
7. Click **Update**.
:::note
For group attributes, the following expression can be used `request.user.group_attributes(request.http_request)`
:::
Reference in New Issue View Git Blame Copy Permalink