docs: mention the Github OAuth scopes requested by teleport

This commit is contained in:
Andrew Lytvynov 2020-07-01 12:00:56 -07:00 committed by Andrew Lytvynov
parent 483153b4ec
commit 3ea970c38f

@ -903,7 +903,7 @@ and 3024 on the proxy. Port 3080 is used to initially fetch the credentials (SSH
and for discovery (where is the reverse tunnel running, in this case 3024). Port 3024 is used to
establish a connection to the Auth Server through the proxy.
To enable multiplexing so only one port is used, simply set the `tunnel_listen_addr` the same as the
To enable multiplexing so only one port is used, simply set the `tunnel_listen_addr` the same as the
`web_listen_addr` respectively within the `proxy_service`. Teleport will automatically recognize using the same port and enable multiplexing. If the log setting is set to DEBUG you will see multiplexing enabled in the server log.
```bash
DEBU [PROC:1] Setup Proxy: Reverse tunnel proxy and web proxy listen on the same port, multiplexing is on. service/service.go:1944
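Review bot: The only changed line in this hunk, "To enable multiplexing so only one port is used, simply set the `tunnel_listen_addr` the same as the", reads identically before and after, so this is a whitespace-only edit unrelated to the commit subject (GitHub OAuth scopes). Either move it to a separate cleanup commit or mention it in the commit message. If the line is being touched anyway, drop the stray "respectively" in the continuation ("the same as the `web_listen_addr` respectively within the `proxy_service`"), since only one pair of settings is being compared.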
@ -1639,10 +1639,13 @@ spec:
that users from the matching org/team assume after going through the
authorization flow.
To obtain client ID and client secret, please follow Github documentation on how
to [create and register an OAuth app](https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/).
Be sure to set the "Authorization callback URL" to the same value as `redirect_url` in
the resource spec.
To obtain client ID and client secret, please follow Github documentation on
how to [create and register an OAuth
app](https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/).
Be sure to set the "Authorization callback URL" to the same value as
`redirect_url` in the resource spec. Teleport will request only the `read:org`
OAuth scope, you can read more about Github scopes
[here](https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/).
Finally, create the connector using [ `tctl` ](cli-docs.md#tctl)
[resource](#resources) management command:
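Review bot: The added sentence "Teleport will request only the `read:org` OAuth scope, you can read more about Github scopes [here]" is a comma splice with a non-descriptive link label. Split it into two sentences and use link text that names the target, for example "GitHub's documentation on OAuth app scopes". It would also help an admin checking the app's consent screen if the sentence said why the scope is needed. The context lines above describe mapping users "from the matching org/team", so state that `read:org` is what lets Teleport read that membership.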
@ -1856,15 +1859,15 @@ To allow access for all users:
+ Copy `teleport-user-ca.pub` to `/etc/ssh/teleport-user-ca.pub`
+ Update `sshd` configuration (usually `/etc/ssh/sshd_config` ) to point to
this file: `TrustedUserCAKeys /etc/ssh/teleport-user-ca.pub`
To connect to the OpenSSH server via `tsh`, add `--port=<ssh port>` with the `tsh ssh` command:
Example ssh to `database.work.example.com` as `root` with a OpenSSH server on port 22 via `tsh`:
tsh ssh --port=22 root@database.work.example.com
!!! warning "Warning"
The principal (username) being used to connect must be listed in the Teleport user/role configuration.
The principal (username) being used to connect must be listed in the Teleport user/role configuration.
## Certificate Rotation
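Review bot: The warning line "The principal (username) being used to connect must be listed in the Teleport user/role configuration." appears before and after with the same text, so this hunk is another whitespace-only change that the commit message does not mention. Confirm the line is still indented under `!!! warning "Warning"` so it renders inside the admonition rather than as a separate paragraph. While this block is open, "a OpenSSH server" in the example line above it should read "an OpenSSH server".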