5 User authentication and roles
Eugene edited this page 2022-09-13 22:00:02 +02:00

In the previous example, we've reused the Warpgate's admin user, which only had a password as its only way to authenticate. Currently, Warpgate supports passwords, public keys or password+public key as authentication methods.

Changing a user's password

Log into the Warpgate admin UI and navigate to Config > Users > admin and click Change next to the password credential:

image

Adding a public key for a user

  • Grab the user's public key in OpenSSH format (normally, you can just copy the ~/.ssh/id_<type>.pub file contents and strip the name, leaving just <key type> <public key bytes>, e.g.:
ssh-ed25519 AAAAC...bD4I
  • Click Add public key and paste it:
image

Requiring multiple authentication factors

Warpgate can require a client to present both a public key and a password.

  • In the Auth policy > SSH section, uncheck Any credential and select both Password and Key:
image

Using roles to assign access

You can use roles to grant a new user access to multiple targets at once (or assign multiple users to a target).

  • Create and remove roles under Config > Roles.
  • Assign roles to users and targets on their respective configuration pages.