Comments (3)
Hello,
If I understand correctly, your use case could work with a more generic version of what you're proposing, by supporting wildcards in --user
. Namely *
(matching any number of characters) and ?
(matching exactly one character), that would be evaluated on runtime when somebody is requesting a connection.
This would translate, in your example, as:
groupAddServer --group Site01.OOB --user "?*+port_3" --host console1 --port 22
The ?*
would be to force the "prefix" to have at least one character, i.e. connecting as +port_3
would be refused, but connecting as admin1+port_3
, user12+port_3
or root+port_3
would all be allowed.
Note that the same mechanic would also enable a similar use case: johndoe+*
, that could be added as a personal access to some user, allowing them to connect as johndoe
to any port of the opengear.
Would this work for you?
from the-bastion.
That sounds like a very elegant solution that would work perfectly for these type of devices. It would also eliminate the need to adjust the username validation check to deal with delimiters used by these type of devices.
from the-bastion.
Good, I'll draft a branch to test this implementation. In the end, --user-any
would become a synonym of --user *
from the-bastion.
Related Issues (20)
- Enforce connecting with user login8 on group access server HOT 2
- Take global `ssh_config` file into account and autocomplete host names HOT 2
- Connection to the Bastion takes many seconds HOT 2
- SCP Failure - Error 255
- master can't sync with slave HOT 1
- Arista - Add ssh key on a switch with "from" pattern HOT 1
- An alternative method to log into bastion.
- Synchronization between master and slave HOT 6
- Use a global folder for ttyrec sessions HOT 1
- SFTP plugin instead of SCP on recent OpenSSH versions HOT 2
- Login with user@domain HOT 2
- Accepting [email protected] for ingress key HOT 1
- Upgrade errors: [ERR.] <x> doesn't seem to be a valid bastion group HOT 1
- pam-u2f in code or a configuration to do ? HOT 3
- Error when installing with ttyrec HOT 4
- Disable MFA verification when using an SK
- Feature Request: `*-sk` keys supporting PIV-like policies HOT 1
- [Question] disable ttyrec for SCP HOT 8
- SCP freezes wthen downloading large files:
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from the-bastion.