User would like to be able to allow a specific group of users on the tailnet SSH access. The users are defined as under a specific domain, however, they have a GitHub org tailnet and are unable to use localpart:*@<domain> because it is a shared domain.
Error: [ssh] symphonyfs.org.github is a shared domain and cannot be used in user:*@<domain> expressions
How should we solve this?
Something like autogroup:self, or a representation of self as the user.
What is the impact of not solving this?
The option left is to use autogroup:nonroot. This allows users to login to any machine as any user, and doesn't specify access based on the user's domain/username.
What are you trying to do?
User would like to be able to allow a specific group of users on the tailnet SSH access. The users are defined as under a specific domain, however, they have a GitHub org tailnet and are unable to use
localpart:*@<domain>
because it is a shared domain.Example:
Error:
[ssh] symphonyfs.org.github is a shared domain and cannot be used in user:*@<domain> expressions
How should we solve this?
Something like
autogroup:self
, or a representation ofself
as the user.What is the impact of not solving this?
The option left is to use
autogroup:nonroot
. This allows users to login to any machine as any user, and doesn't specify access based on the user's domain/username.Anything else?
No response