mart-w/kanidm
1
0
Fork 0
mirror of https://github.com/kanidm/kanidm.git synced 2025-05-19 07:23:55 +02:00
Code Issues Actions16 Packages Projects Releases Wiki Activity

docs: update to OPKSSH version 0.5.1 with support for ES256

Browse source 
Signed-off-by: Fabian Kammel <fabian@kammel.dev>
This commit is contained in:
Fabian Kammel 2025-04-16 21:45:55 +02:00
parent 2986026647
commit 1e1ed6caba
1 changed files with 4 additions and 13 deletions

17
book/src/integrations/oauth2/examples.md
View file

@ -660,16 +660,7 @@ To set up OPKSSH to authenticate with Kanidm:
kanidm system oauth2 update-scope-map opkssh opkssh_users email openid profile groups kanidm system oauth2 update-scope-map opkssh opkssh_users email openid profile groups
``` ```
4. OPKSSH currently only supports `RS256` based signatures, so we need to enable 4. On the SSH server side, as per [offical docs](https://github.com/openpubkey/opkssh?tab=readme-ov-file#server-configuration-1):
support for this algorithm in the client:
```sh
kanidm system oauth2 warning-enable-legacy-crypto opkssh
```
ES256 support is tracked [here](https://github.com/openpubkey/opkssh/issues/131).
5. On the SSH server side, as per [offical docs](https://github.com/openpubkey/opkssh?tab=readme-ov-file#server-configuration-1):
```sh ```sh
wget -qO- "https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh" | sudo bash wget -qO- "https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh" | sudo bash
@ -678,11 +669,11 @@ To set up OPKSSH to authenticate with Kanidm:
sudo opkssh add user alice@example.com https://idm.example.com/oauth2/openid/opkssh sudo opkssh add user alice@example.com https://idm.example.com/oauth2/openid/opkssh
``` ```
6. On the SSH client side, as per [official docs](https://github.com/openpubkey/opkssh?tab=readme-ov-file#custom-openid-providers-authentik-authelia-keycloak-zitadel): 5. On the SSH client side, as per [official docs](https://github.com/openpubkey/opkssh?tab=readme-ov-file#custom-openid-providers-authentik-authelia-keycloak-zitadel):
```sh ```sh
# Install OPKSSH # Install OPKSSH
curl -LO https://github.com/openpubkey/opkssh/releases/download/v0.4.0/opkssh-linux-amd64 curl -LO https://github.com/openpubkey/opkssh/releases/download/v0.5.1/opkssh-linux-amd64
sudo install opkssh-linux-amd64 /usr/local/bin/opkssh sudo install opkssh-linux-amd64 /usr/local/bin/opkssh
rm opkssh-linux-amd64 rm opkssh-linux-amd64
@ -690,7 +681,7 @@ To set up OPKSSH to authenticate with Kanidm:
opkssh login --provider=https://idm.example.com/oauth2/openid/opkssh,opkssh opkssh login --provider=https://idm.example.com/oauth2/openid/opkssh,opkssh
``` ```
7. Use SSH as you would normally: 6. Use SSH as you would normally:
```sh ```sh
ssh user@your-server-hostname ssh user@your-server-hostname