Your browser does not allow storing cookies. We recommend enabling them.
SSH.COM uses cookies to give you the best experience and most relevant marketing. More info
DECLINE Warning: Some functionality on this site will not work without cookies and our advertising will be less relevant!GOT IT!

SSH
Home Prev Up Next

Certificate User Mapping File

The map file specifies which certificates authorize logging into which accounts. The format of the file is as follows:

<account-id> <keyword> <argument>

The keyword can be either Email, Subject, SerialAndIssuer, EmailRegex, or SubjectRegex. The argument depends on the keyword.

  • Email: The argument is the e-mail address which must be present in the certificate.

  • Subject: The argument is the required subject name in LDAP DN (distinguished name) string format.

  • SerialAndIssuer: The argument is the required serial number and issuer name in LDAP DN string format, separated by spaces or tabs.

  • EmailRegex: The argument is the regular expression which must match an e-mail address in the certificate. If account-id contains the string %subst%, it is substituted with the first parenthesized part of the regular expression. The patterns are matched using the egrep syntax.

  • SubjectRegex: The argument is the regular expression which must match a subject name in the certificate. If account-id contains the string %subst%, it is substituted with the first parenthesized part of the regular expression. The patterns are matched using the egrep syntax.

Examples

The following are examples of different map file definitions: 

user1 email user1@ssh.com
user1 subject C=FI,O=SSH,CN=Secure Shell User 1
user1 serialandissuer 1234 C=FI,O=SSH,CN=Secure Shell User 1
%subst% subjectregex C=FI, O=SSH, CN=([a-z]+)         
%subst% emailregex ([a-z]+)@ssh\.com

The last line permits logging with any e-mail address with only letters in the user name. For more information on the regular expression syntax, see sshregex.

Home Prev Up Next

Copyright 2014 SSH Communications Security Corporation
This software is protected by international copyright laws. All rights reserved.
Contact Information


 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now

  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now