4.6.2. Gateway Users

Gateway users are a very central element, since this is where the individual users who can access target systems via suSSHi are managed.

A unique personal user is created here for each user who will use suSSHi. Each user account also contains the individual public keys of the respective user. If authentication at the gateway using a static password is desired, a password can also be set here.

Warning

Using static passwords for gateway authentication is not recommended - user keys should be used instead. The password method is more of a placeholder for individual password-based workflows such as one-time passwords.

../../_images/list1.png

4.6.2.1. User Objects

A user object represents an individual, usually a real user. In the creation dialog, you can specify organizational information such as the user’s name and e-mail address. If required, a gateway password can also be supplied.

Please add one or more public user keys of different types provided by the person. A unique title for each user key is required to distinguish between the user keys. The user interface supports the formats PKCS1 (openSSHs .pub files), PKCS8 and SSH Public Key File Format (RFC 4716).

A user object can also be assigned to one or more groups directly during its creation.

../../_images/new_user.png

Tip

Even in the creation step, you can also disable a user by unchecking the User is active option.

4.6.2.2. User Groups

Analogous to the source IP groups, the gateway user groups combine individual gateway users. This allows, for example, to modify multiple access rules in one place instead of adding (or removing) users in all these rules.

../../_images/new_group.png