tmate-io / tmate-ssh-server

tmate SSH server
https://tmate.io

authorized_keys_path with -a option #68

Open glennie opened 4 years ago

glennie commented 4 years ago

Hello, I set up tmate-ssh-server a few weeks ago using the docker container image provided and used '-a' to provide a file containing the ssh public keys.

On the latest docker container image (tested on 2019-11-29), the '-a' option is not available. How can I provide a file containing all the public keys to tmate-ssh-server? Many thanks and kind regards,

glennie commented 4 years ago

Hi, looking into the code, the option has been removed in the commit 48884c95c994c7bff01dee24f2230e1263db2f85.

Do you think it is possible to get this option back? Maybe by merging server side public keys with the list provided by the client?

This option was very useful to limit access to the publicly hosted tmate-ssh-server. Kind regards,

nviennot commented 4 years ago

Yes, I'll see what I can do.

A pull request is always welcome though :)

glennie commented 4 years ago

Hi, Thanks. I'm not skilled in C :-c. But, I can beta test the change before merging it into master, if you want. Kind regards,

varac commented 4 years ago

I'm also missing the option to limit access to a non-public instance. Please bring it back, thanks!

varac commented 4 years ago

@juniorz In case you're still using tmate-ssh-server, would you be willing to bring back your original PR :heart: ?

gee-forr commented 3 years ago

Apologies on bumping an old issue...

I've recently spun up my own tmate instance as well, and whilst it's great that fingerprint config has to be shared so that access can be granted, I really do want to limit access to my tmate server to only team members via some kind of pub key auth.

I also tried the -a switch and got the same results using the latest docker image. Any chance this feature could make a return?

ebardie commented 2 years ago

@gee-forr @varac I've added a PR to enforce the use of authorized_keys (from the tmate session) for connexions to the server : https://github.com/tmate-io/tmate-ssh-server/pull/93

This means that different sessions can have different sets of authorized keys, but only connexions which match an authorized key will be accepted.

oscarh commented 2 years ago

We're really talking about two different things here, right? The -a option was to limit who can create a tmate session on the server (which I really think should be doable), and the -A option added in #93 is to force sessions to use authorized keys to authorize access to a session...

I would really like to run my own tmate server, but don't want it to be open to the world. Also really don't want to limit it on IPs in a firewall...

@nviennot do you remember why the -a option was removed in 48884c9?

zephxs commented 10 months ago

I just gave a try to the private server but soon realized it could not be restricted to an authorized key file. I was so disappointed when reading this "status". I had to deinstall tmate because of this. It's clearly a needed option, in my perspective.