Open Erick-Reyes opened 2 years ago
Customer would like to restrict specific SSH command on Teleport.
We don't seem to have this currently, so it would require a possible code change. They would like something like SSH command Access Control on CyberArk as an example: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-SSH-Commands-Access-Control-in-PSMP.htm
They want to have granule control in Teleport to be able to deny specific SSH commands to be executed.
They can configuring this with sudoers or selinux outside of teleport, but the effort to add that config to thousands of servers will be very high.
ZD:4437
any updates?
What
Customer would like to restrict specific SSH command on Teleport.
How
We don't seem to have this currently, so it would require a possible code change. They would like something like SSH command Access Control on CyberArk as an example: https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/Latest/en/Content/PASIMP/Configuring-SSH-Commands-Access-Control-in-PSMP.htm
Why
They want to have granule control in Teleport to be able to deny specific SSH commands to be executed.
Workaround
They can configuring this with sudoers or selinux outside of teleport, but the effort to add that config to thousands of servers will be very high.
ZD:4437