Initial implementation: #934
Deprecated old ssh: #935
Main repo PR: goauthentik/authentik#22594
Inspired by OPKSSH
New setup:
Server side, ssh needs AuthorizedKeysCommand set to /usr/bin/ak-sysd ssh-verify %u %k %f (the sysd package sets this up automatically)
Client side, the ssh config needs to use the IdentityAgent from the authentik agent: IdentityAgent "~/Library/Application Support/authentik/agent-ssh.sock"
When using AgentForwarding, the ak CLI is still able to communicate through the agent socket with a custom SSH Agent extension.
The old ak ssh usage will be deprecated, alongside all the custom code in the PAM module to support it.
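
One way to check both sides of the setup described above, as an added example (not code from this PR or from authentik). The function names, the `akcmd` account and the extra `AuthorizedKeysCommandUser` check (sshd requires that directive whenever `AuthorizedKeysCommand` is set) are assumptions beyond the description.

```shell
#!/bin/sh
# Added example: static check of the two settings from the description above.
# Match/Host blocks and Include files are not evaluated; on a live host,
# `sshd -T` and `ssh -G <host>` print the effective configuration.

EXPECTED_CMD='/usr/bin/ak-sysd ssh-verify %u %k %f'
# macOS socket path quoted in the description; set EXPECTED_AGENT to override.
DEFAULT_AGENT='~/Library/Application Support/authentik/agent-ssh.sock'
EXPECTED_AGENT=${EXPECTED_AGENT:-$DEFAULT_AGENT}

# conf_value FILE KEYWORD: print the first value set for KEYWORD, with
# surrounding double quotes stripped (keywords are case-insensitive).
conf_value() {
    awk -v key="$2" 'tolower($1) == tolower(key) {
        sub(/^[ \t]*[^ \t]+[ \t]+/, ""); sub(/[ \t]+$/, "")
        gsub(/^"|"$/, ""); print; exit }' "$1"
}

# check_server FILE: 0 = ok, 1 = wrong/missing command, 2 = no command user.
check_server() {
    cmd=$(conf_value "$1" AuthorizedKeysCommand)
    user=$(conf_value "$1" AuthorizedKeysCommandUser)
    [ "$cmd" = "$EXPECTED_CMD" ] || { echo "AuthorizedKeysCommand: '$cmd'"; return 1; }
    # sshd refuses to start if the command is set without a user to run it as.
    [ -n "$user" ] || { echo "AuthorizedKeysCommandUser is not set"; return 2; }
}

# check_client FILE: 0 = IdentityAgent points at the expected socket, else 1.
check_client() {
    agent=$(conf_value "$1" IdentityAgent)
    [ "$agent" = "$EXPECTED_AGENT" ] || { echo "IdentityAgent: '$agent'"; return 1; }
}

# Constructed sample files; "akcmd" is a placeholder account name.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "AuthorizedKeysCommand $EXPECTED_CMD" \
        'AuthorizedKeysCommandUser akcmd' > "$d/sshd_config"
    printf '%s\n' 'Host *' "    IdentityAgent \"$EXPECTED_AGENT\"" > "$d/ssh_config"
    check_server "$d/sshd_config" && check_client "$d/ssh_config" && echo "demo: OK"
    rm -rf "$d"
}

if [ "$#" -eq 2 ]; then check_server "$1" && check_client "$2"; else demo; fi
```

Run it with the paths to an sshd_config and an ssh_config as its two arguments to check real files instead of the constructed samples.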