-
What is the recommended way to secure warpgate from unwanted users connecting via SSH? By following the Getting Started guide, I believe you end up with an insecure setup in which anyone who can guess the targets can SSH to them. |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 5 replies
-
No, targets are only accessible for authenticated users when their assigned roles match the target's own. The role list is set through Warpgate doesn't include any way to access targets anonymously. |
Beta Was this translation helpful? Give feedback.
-
Guys, I think I ran into this same problem today. I am able to authenticate without a password with any username that has privs to the specified device and can do so with any key - including ones that aren't in the system. |
Beta Was this translation helpful? Give feedback.
-
Thanks - this is now fixed in v0.2.3. It's a regression caused by the new OTP functionality when |
Beta Was this translation helpful? Give feedback.
Thanks - this is now fixed in v0.2.3. It's a regression caused by the new OTP functionality when
user.require
is not set in the config file.