so far I have managed to configure my server so that the client can ssh with a key singed by vault. I.e. I can do:
user@client $ ssh-keygen -Lf ~/.ssh/server-signed.pub /tmp/qashare-signed-cert.pub: Type: firstname.lastname@example.org user certificate Public key: RSA-CERT SHA256:... Signing CA: RSA SHA256:... (using ssh-rsa) Key ID: "vault-..." Serial: ... Valid: from 2021-09-11T17:43:41 to 2021-09-11T18:14:11 Principals: serveruser Critical Options: (none) Extensions: permit-X11-forwarding permit-agent-forwarding permit-port-forwarding permit-pty permit-user-rc user@client $ ssh -i ~/.ssh/id_rsa -i ~/.ssh/server_signed.pub serveruser@server bash --login hostname server echo $USER serveruser vim .bashrc Vim: Warning: Output is not to a terminal Vim: Warning: Input is not from a terminal
The problem, as you can see from the output above, is that the
permit-pty extension doesn’t seem to work properly, because neither do I see a prompt on the server, nor a motd and when I use something like vim on the server get “not a terminal” type of warnings.
How do I get this working just like it was a regular ssh session?