Accessing Your Remote Host
The following guide covers how to access your remote host using OpenPubkey SSH.
OpenPubkey SSH (OPK SSH) is fully compatible with existing workflows for accessing a remote host with SSH. To access your host through OPK SSH, you first log in with the ZLI and can then ssh from your local terminal.
If you have not installed the ZLI on your local machine yet, instructions are below.
Log in using the ZLI from your local terminal.
zli login --opk
Assuming the remote host you would like to access is already configured and tested, ensure you have removed your traditional SSH keys that allowed access to your remote host prior to OPK SSH setup. If not, see Remove Your SSH Keys for help with this.
SSH to your box using ssh from your local terminal. This may look like:
ssh ec2-user@my-aws-host
What Does The Login Command Do?
This login command does the following:
It will redirect you to a Google login page in a browser window, where you should authenticate as you would regularly when logging in to Google (username and password).
Once logged in, your Google ID token is used to create a PK Token.
This token is then used to generate an SSH certificate. The ZLI saves this certificate to a default key in your SSH directory (~/.ssh), and it is used in place of traditional SSH certificates to grant SSH access to a remote host.
The SSH certificate generated by OPK SSH is only valid until your id_token expires (this is controlled by your OP - Google in this case - and is typically limited to 1 hour). When your id_token expires, OPK SSH will use your refresh token to get a new id_token and generate a new SSH certificate. Re-authentication is required when your refresh token expires.
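The lifecycle described above can be modelled as a small state check. This is an added example, not code from the ZLI or OpenPubkey: it reads the exp claim of an id_token without verifying its signature (inspection only), and the sample token, the refresh_expires_at parameter and the 7-day refresh lifetime are constructed assumptions.

```python
import base64
import json
import time

def jwt_claims(id_token):
    """Decode the payload of a compact JWT (e.g. an OIDC id_token) WITHOUT verifying it."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims.get("exp"), int):
        raise ValueError("id_token has no integer exp claim")
    return claims

def session_state(id_token, refresh_expires_at, now=None):
    """Return (state, seconds_left); state is 'valid', 'refresh' or 'reauthenticate'."""
    now = int(time.time()) if now is None else now
    exp = jwt_claims(id_token)["exp"]
    if now < exp:
        return "valid", exp - now      # the SSH certificate is still usable
    if now < refresh_expires_at:
        return "refresh", 0            # new id_token, then a new SSH certificate
    return "reauthenticate", 0         # refresh token expired: log in again

def _b64(obj):
    """base64url-encode a JSON object without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample token: unsigned, illustrative claims, 1-hour lifetime.
ISSUED = 1_700_000_000
SAMPLE = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"iss": "https://accounts.google.com", "sub": "constructed-subject",
          "iat": ISSUED, "exp": ISSUED + 3600}),
    "constructed-signature",
])
REFRESH_EXPIRES = ISSUED + 7 * 24 * 3600   # hypothetical refresh-token lifetime

if __name__ == "__main__":
    for t in (ISSUED + 60, ISSUED + 3600, REFRESH_EXPIRES):
        print(t, session_state(SAMPLE, REFRESH_EXPIRES, now=t))
```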