This client can be used to create SSH certificates without a Pritunl Zero server. Use only when the Pritunl Zero server is inaccessible and SSH access is needed.
This must be done before losing access to the Pritunl Zero server. Keys are encrypted with AES-256.
# Export SSH authorities
sudo pritunl-zero export-ssh ~/ssh_backup.jsonCertificates are valid for 30 minutes.
# Install emergency ssh client
go get github.com/pritunl/pritunl-zero-ssh-emergency
# Create SSH certificate
~/go/bin/pritunl-zero-ssh-emergency ~/ssh_backup.json ~/.ssh/id_rsa.pub
ssh-keygen -L -f ~/.ssh/id_rsa-cert.pubBy default only the emergency role is added to the certificate principals.
Custom roles can be appended to the command arguments as shown in the example
below.
# Custom roles
~/go/bin/pritunl-zero-ssh-emergency ~/ssh_backup.json ~/.ssh/id_rsa.pub role1 role2If your SSH configuration has strict host checking enabled you may need to
remove the option from the SSH configuration to connect. This can be done with
the pritunl-ssh client by running the command pritunl-ssh clear-strict-host.
The bastion host configuration can be removed with the command
pritunl-ssh clear-bastion-host. The command pritunl-ssh clear will remove
all SSH configuration changes made.
Please refer to the LICENSE file for a copy of the license.