-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
User suffix for device/network #461
Comments
Hello, If I understand correctly, your use case could work with a more generic version of what you're proposing, by supporting wildcards in This would translate, in your example, as: The Note that the same mechanic would also enable a similar use case: Would this work for you? |
That sounds like a very elegant solution that would work perfectly for these type of devices. It would also eliminate the need to adjust the username validation check to deal with delimiters used by these type of devices. |
Good, I'll draft a branch to test this implementation. In the end, |
Would be possible to have a 'Server' include an optional field for a username suffix? This would be helpful for ssh devices that expose access to additional devices.
Usecase: Opengear serial console servers for out-of-band access in networks.
The device consumes a username+delimiter+port_name@device_ip to expose a unique serial port directly over ssh.
Example:
ssh [email protected]
What we would like to achieve is 'any-user' + suffix @ host stored in bastion.
osh:
groupAddServer --group Site01.OOB --user_suffix "+port_3" --host console1 --user-any --port 22 --comment "Site01 - Serial Port 3"
Result:
bssh admin1+port_3@console1
Bastion checks user's access to console1 and suffix '+port_3' then allows the egress connection.
Benefit:
Users can list out group 'Site01.OOB' to show all available serial ports with associated device ip + suffix available to them.
The text was updated successfully, but these errors were encountered: