mirror of
https://github.com/gravitational/teleport
synced 2024-10-22 10:13:21 +00:00
docs: mention the Github OAuth scopes requested by teleport
This commit is contained in:
parent
483153b4ec
commit
3ea970c38f
|
@ -903,7 +903,7 @@ and 3024 on the proxy. Port 3080 is used to initially fetch the credentials (SSH
|
|||
and for discovery (where is the reverse tunnel running, in this case 3024). Port 3024 is used to
|
||||
establish a connection to the Auth Server through the proxy.
|
||||
|
||||
To enable multiplexing so only one port is used, simply set the `tunnel_listen_addr` the same as the
|
||||
To enable multiplexing so only one port is used, simply set the `tunnel_listen_addr` the same as the
|
||||
`web_listen_addr` respectively within the `proxy_service`. Teleport will automatically recognize using the same port and enable multiplexing. If the log setting is set to DEBUG you will see multiplexing enabled in the server log.
|
||||
```bash
|
||||
DEBU [PROC:1] Setup Proxy: Reverse tunnel proxy and web proxy listen on the same port, multiplexing is on. service/service.go:1944
|
||||
|
@ -1639,10 +1639,13 @@ spec:
|
|||
that users from the matching org/team assume after going through the
|
||||
authorization flow.
|
||||
|
||||
To obtain client ID and client secret, please follow Github documentation on how
|
||||
to [create and register an OAuth app](https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/).
|
||||
Be sure to set the "Authorization callback URL" to the same value as `redirect_url` in
|
||||
the resource spec.
|
||||
To obtain client ID and client secret, please follow Github documentation on
|
||||
how to [create and register an OAuth
|
||||
app](https://developer.github.com/apps/building-oauth-apps/creating-an-oauth-app/).
|
||||
Be sure to set the "Authorization callback URL" to the same value as
|
||||
`redirect_url` in the resource spec. Teleport will request only the `read:org`
|
||||
OAuth scope, you can read more about Github scopes
|
||||
[here](https://developer.github.com/apps/building-oauth-apps/understanding-scopes-for-oauth-apps/).
|
||||
|
||||
Finally, create the connector using [ `tctl` ](cli-docs.md#tctl)
|
||||
[resource](#resources) management command:
|
||||
|
@ -1856,15 +1859,15 @@ To allow access for all users:
|
|||
+ Copy `teleport-user-ca.pub` to `/etc/ssh/teleport-user-ca.pub`
|
||||
+ Update `sshd` configuration (usually `/etc/ssh/sshd_config` ) to point to
|
||||
this file: `TrustedUserCAKeys /etc/ssh/teleport-user-ca.pub`
|
||||
|
||||
|
||||
To connect to the OpenSSH server via `tsh`, add `--port=<ssh port>` with the `tsh ssh` command:
|
||||
|
||||
Example ssh to `database.work.example.com` as `root` with a OpenSSH server on port 22 via `tsh`:
|
||||
tsh ssh --port=22 root@database.work.example.com
|
||||
|
||||
|
||||
!!! warning "Warning"
|
||||
|
||||
The principal (username) being used to connect must be listed in the Teleport user/role configuration.
|
||||
|
||||
The principal (username) being used to connect must be listed in the Teleport user/role configuration.
|
||||
|
||||
## Certificate Rotation
|
||||
|
||||
|
|
Loading…
Reference in a new issue