How will an ssh gateway user login into a remote server/ cloud instance as a system user with the same name as the ssh gateway user?
User identity and access management in SSH
There might be situations where the ssh gateway users needs to login to a remote server with the same username as on the ssh gateway server instead of 'root'. This feature is used for user id
For example,
How would you ensure that that your ssh gateway user 'tony' would always login into the remote server as the system user 'tony' on the remote server instead of root?
You can use Pass User Through feature or Sub SSH user
Method 1. Pass User Through
Refer to the following article on Pass-through User.
Method 2. Sub SSH User
Here is how to ensure that the ssh gateway user 'tony' would ssh into the remote server and login as the system user 'tony' on the remote server corporate.eznoc.com which belongs to the server group Linux cloud instances
Note: Make sure to use the Password Management as "Automatic" or " Keep given password", or else the user won't be created on the remote servers that being added after creating sub ssh user.
- Create the SSH gateway user 'tony'.
- Create Sub SSH users called 'Tony'. This step would create system users by the name 'tony' across the servers added in gui. If the system user 'tony' already exist on the remote server, then select unmanaged while adding the system user.
You can edit the password and SSH private key of the unmanaged user 'tony' by clicking the Edit option
- Edit the user 'tony' and select the 'sub ssh user' 'tony' as well. This will ensure that the jump server user 'tony' will always login to remote server as the user 'tony' itself.
This feature is available from version 7.15.0 only. - ssh as gateway user 'tony' and enter the server corporate.eznoc.com and you would be logged in as the user 'tony' on the remote server corporate.eznoc.com. Also, you can see that the Sub SSH User listed in the ezinfo command. The user tony would be logged in as system user tony on all servers.
How to add a Sub SSH User on selected remote servers?
Add Sub SSH User to newly created remote servers.
To create a sub ssh user on a single server or multiple servers at a time, select that remote server from the list and click on Setup Sub SSH Users on selected servers from the right menu bar.
After selecting it will prompt for confirmation. Click on Yes for the sub ssh user creation on the selected remote servers.
To ignore Sub SSH User for a particular remote server enable Ignore Sub SSH User under the Advanced Section of the Server Edit (Server ->Edit-> Ignore Sub SSH User) so that sub SSH User creation will be ignored for that remote server.
Creation of Subssh user fails
If the Ezeelogin gateway server has more remote servers, it will take more time to create the subssh user in all the servers. Refer below article to increase the execution time of the script in the gateway server.