blob: 94c6b69be61ca9ff0ba1bd16c092838d3685ef4e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
server {
use_tls = true # Optional. If this is set then `tls_key` and `tls_cert` must be set
tls_key = "server.key" # Path to TLS key
tls_cert = "server.crt" # Path to TLS certificate
port = 443 # Port to listen on
cookie_secret = "supersecret" # Authentication key for the client cookie
}
auth {
provider = "google" # Oauth provider to use
oauth_client_id = "nnnnnnnnnnnnnnnn.apps.googleusercontent.com" # Oauth client ID
oauth_client_secret = "yyyyyyyyyyyyyyyyyyyyyy" # Oauth client secret
oauth_callback_url = "https://sshca.example.com/auth/callback" # Oauth callback url
provider_opts {
domain = "example.com" # Oauth-provider specific options
}
}
ssh {
signing_key = "signing_key" # Path to the CA signing secret key
additional_principals = ["ec2-user", "ubuntu"] # Additional principals to allow
max_age = "720h" # Maximum lifetime of a ssh certificate
permissions = ["permit-pty", "permit-X11-forwarding", "permit-agent-forwarding", "permit-port-forwarding", "permit-user-rc"] # Permissions associated with a certificate.
}
|
