Hi,
so far I have managed to configure my server so that the client can ssh with a key signed by vault. I.e. I can do:
    user@client $ ssh-keygen -Lf ~/.ssh/server-signed.pub
    /tmp/qashare-signed-cert.pub:
            Type: ssh-rsa-cert-v01@openssh.com user certificate
            Public key: RSA-CERT SHA256:...
            Signing CA: RSA SHA256:... (using ssh-rsa)
            Key ID: "vault-..."
            Serial: ...
            Valid: from 2021-09-11T17:43:41 to 2021-09-11T18:14:11
            Principals:
                    serveruser
            Critical Options: (none)
            Extensions:
                    permit-X11-forwarding
                    permit-agent-forwarding
                    permit-port-forwarding
                    permit-pty
                    permit-user-rc
    user@client $ ssh -i ~/.ssh/id_rsa -i ~/.ssh/server_signed.pub serveruser@server bash --login
    hostname
    server
    echo $USER
    serveruser
    vim .bashrc
    Vim: Warning: Output is not to a terminal
    Vim: Warning: Input is not from a terminal
The problem, as you can see from the output above, is that the permit-pty extension doesn’t seem to work properly, because I see neither a prompt on the server nor a motd, and when I use something like vim on the server I get “not a terminal” type warnings.
How do I get this working just like it was a regular ssh session?