SSH Certificates and user principal logging/auditing?
Hi all,
I've been looking at SSH Certs for authentication. One of the things I'm having trouble wrapping my mind around is this idea of user to principal mapping. From my perspective it just makes auditing/logging more difficult to track.
For example:
Let's just say I have users[1-5] all issued SSH certificates with principal 'www' for all prod servers (or some other generic user).
If everyone logs in to the system with their 'www' principal (`ssh -i ~/.ssh/my_signed_cert.pub www@server`), there's no way to distinguish who did what on the local system. I get that there are paid and open source agent solutions that do per session auditing and tracking, but why complicate it with an extra layer?
I'd rather have a system log show up like this
* 'user x made xyz change'
* 'user y made abc change'
Rather than
* 'www made xyz change'
* 'www made abc change'
In the system log there's only a record of authentication with the serial number, so you know who logged into the system as 'www' at what time, but after that it's all a blur.
The way I see it, it's better to have a 1:1 user to principal mapping. I guess I understand that some systems only have generic user names like 'postgresql
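Added example, not part of the original post: the post notes that the system log records the certificate serial at authentication time, and this sketch rebuilds per-person login windows for the shared 'www' account from those records. It assumes OpenSSH's usual `Accepted publickey ... ID <key id> (serial N) CA ...` log line and that the session-closed line carries the same sshd PID; the sample lines, host, IPs and Key IDs are constructed.

```python
import re

# Constructed sample auth-log lines (hosts, IPs, fingerprints and Key IDs are made up).
SAMPLE_LOG = """\
Jan 10 09:14:02 web1 sshd[2211]: Accepted publickey for www from 10.0.0.5 port 51234 ssh2: ED25519-CERT SHA256:AAAA ID user1 (serial 101) CA ED25519 SHA256:CCCC
Jan 10 09:14:02 web1 sshd[2211]: pam_unix(sshd:session): session opened for user www(uid=33) by (uid=0)
Jan 10 09:20:41 web1 sshd[2290]: Accepted publickey for www from 10.0.0.9 port 40022 ssh2: ED25519-CERT SHA256:BBBB ID user2 (serial 102) CA ED25519 SHA256:CCCC
Jan 10 09:31:17 web1 sshd[2211]: pam_unix(sshd:session): session closed for user www
"""

PREFIX = r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[(?P<pid>\d+)\]: "
ACCEPT = re.compile(PREFIX +
    r"Accepted publickey for (?P<account>\S+) from (?P<src>\S+) port \d+ ssh2: "
    r"\S+-CERT \S+ ID (?P<key_id>.+) \(serial (?P<serial>\d+)\) CA ")
CLOSED = re.compile(PREFIX + r".*session closed for user ")

def cert_sessions(log_text):
    """Return one record per certificate login: who (Key ID, serial) was
    logged in as which account, from where, and for which time window."""
    open_by_pid, sessions = {}, []
    for line in log_text.splitlines():
        m = ACCEPT.match(line)
        if m:
            rec = {"account": m["account"], "key_id": m["key_id"],
                   "serial": int(m["serial"]), "src": m["src"],
                   "start": m["ts"], "end": None}
            open_by_pid[m["pid"]] = rec   # a reused PID starts a new session
            sessions.append(rec)
            continue
        m = CLOSED.match(line)
        if m and m["pid"] in open_by_pid:
            open_by_pid.pop(m["pid"])["end"] = m["ts"]
    return sessions

if __name__ == "__main__":
    for s in cert_sessions(SAMPLE_LOG):
        print(f'{s["key_id"]} (serial {s["serial"]}) as {s["account"]} '
              f'from {s["src"]}: {s["start"]} -> {s["end"] or "still open"}')
```

This only recovers who held the shared account and when; it does not attribute individual changes made inside overlapping sessions.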