Your browser does not support HTML5 local storage or you have disabled it. Some functionality on this site, including saving your privacy settings and offering you special discounts, uses local storage and may not work with local storage disabled. We recommend allowing the use of local storage in your browser. In some browsers, it is the same setting used for disabling cookies.

SSH

Example with Certificate Authentication

This example presents a typical use case for user mapping: matching a certificate and a user. Selectors are usually used for this purpose, but if you have a database that contains information about users and certificates, you can use an external application defined in the mapper element to query the database. Based on the query result, users can be allowed/denied access to the server.

In this example the user is allowed to log in only if the regular expression provided in the certificate element matches, that is if CN in the certificate's subject name consists of three words separated by periods (.) and a set of digits in the end (for example "Smith.John.James.1234").

<authentication-methods login-grace-time="600">
  <authentication action="allow">
    <auth-publickey />
    <authentication name="authentication3" action="allow">
      <selector>
        <certificate field="subject-name" 
         regexp="C=FI, O=SSH, CN=\\w\+\\.\\w\+\\.\\w\+?\\.?\\w\+?\\.\\d\+" />
      </selector>
      <mapper command="/path/to/python /path/to/script1.py"/>
    </authentication>
  </authentication>
</authentication-methods>

===AUTO_SCHEMA_MARKUP===