Setting up SSH Authman - for server owners
How to add SSH Authman for users please see the article https://uwaterloo.atlassian.net/wiki/spaces/ISTKB/pages/1551728653
Learn more about the SSH Authman service
If you want to use authman off-campus, please submit a request for external access to rt-ist-iss-general@rt.uwaterloo.ca
Step-by-step guide
Select a script option, either python or bash with or without cache
Create ssh cache directory (as root)
mkdir /var/ssh_cache
chown nobody:(root group) /var/ssh_cache
chmod 750 /var/ssh_cache
In /etc/ssh/sshd_config
Example using bash/with_cache.sh
as auth_command_cache.sh
Copy the selected script to /usr/local/bin/authman_command_cache.sh
Make changes to the script
chown root:nogroup /usr/local/bin/authman_command_cache.sh
chmod 750 /usr/local/bin/authman_command_cache.sh
On Redhat systems, use nobody instead of nogroup
Ensure the following lines
AuthorizedKeysCommand /usr/local/bin/authman_command_cache.sh
AuthorizedKeysCommandUser nobody
You can put this under a match clause if you wish to restrict it to specific users/groups. For example:
Or, negate it for specific users/groups
After making modifications to /etc/ssh/sshd_config
ensure that you reload the configuration. The method used depends of your system.
Related articles
Need help?
Please submit support requests to ist-iss-general@rt.uwaterloo.ca.