Support user certificate based authentication on SFTP (#19650)

Olli Janatuinen
2024-05-07 08:41:25 +02:00
committed by GitHub
parent 6a15580817
commit b413ff9fdb
3 changed files with 73 additions and 0 deletions

@@ -242,3 +242,16 @@ hmac-sha1
hmac-sha1-96
```
### Certificate-based authentication
`--sftp=trusted-user-ca-key=...` specifies a file containing public key of certificate authority that is trusted
to sign user certificates for authentication.
Implementation is identical with "TrustedUserCAKeys" setting in OpenSSH server with exception that only one CA
key can be defined.
If a certificate is presented for authentication and has its signing CA key is in this file, then it may be
used for authentication for any user listed in the certificate's principals list.
Note that certificates that lack a list of principals will not be permitted for authentication using trusted-user-ca-key.
For more details on certificates, see the CERTIFICATES section in ssh-keygen(1).
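
Review bot: The sentence "If a certificate is presented for authentication and has its signing CA key is in this file" is ungrammatical (drop the second "is", giving "and has its signing CA key in this file"), and the first sentence is missing articles ("containing the public key of the certificate authority"). The section also says a certificate "may be used for authentication for any user listed in the certificate's principals list" without saying which identity a principal is matched against on the server side, so an operator cannot tell from this text what name to put in the certificate; please state that mapping explicitly. Since "only one CA key can be defined" differs from the OpenSSH behaviour the paragraph points to, it would also help to document what happens when the file contains more than one key (rejected at startup, or only the first key used).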