In the previous example, we've reused the Warpgate's admin
user, which only had a password as its only way to authenticate. Currently, Warpgate supports passwords, public keys or password+public key as authentication methods.
Changing a user's password
Log into the Warpgate admin UI and navigate to Config
> Users
> admin
and click Change
next to the password credential:
Adding a public key for a user
- Grab the user's public key in OpenSSH format (normally, you can just copy the
~/.ssh/id_<type>.pub
file contents and strip the name, leaving just <key type> <public key bytes>
, e.g.:
ssh-ed25519 AAAAC...bD4I
- Click
Add public key
and paste it:
Requiring multiple authentication factors
Warpgate can require a client to present both a public key and a password.
- In the
Auth policy
> SSH
section, uncheck Any credential
and select both Password
and Key
:
Using roles to assign access
You can use roles to grant a new user access to multiple targets at once (or assign multiple users to a target).
- Create and remove roles under
Config
> Roles
.
- Assign roles to users and targets on their respective configuration pages.