Investigate giving out SSH access via Keycloak
As we are moving to SSO, we want ssh keys to be handled by keycloak as this will help us with onboarding new folks and removing access when a user.
Requirements:
- Restrict ssh keys (with certain keysize/algo)
- Allow Developers/TU's to upload their keys (and no one else)
Potential solutions
Uploading keys
For solutions such as PAM OIDC and vault, we need to provide our own ssh keys
Note
Keep root ssh keys as is for now, so we can log in when keycloak fails to start on a reboot. (Note hetzner VPS'es allow login via the web console)
Edited by Jelle van der Waa