I would like to set up a VPN-Server for our users that allows them to authenticate with every key in ~/.ssh/authorized_keys
.
- I know that wireguard uses SSH-keys as well, but how can I tell it to accept the user's
authorized_keys
? Querying all possible public keys each time a user changes hisauthorized_keys
is not an option. - Openvpn has
auth-user-pass
, but that's uncomfortable. - Also, OpenVPN's certs are basically the same like SSH keys, but they need to be signed from OpenVPN's CA.
Can I somehow tell OpenVPN to accept unsigned certificates if they reside in some database?
Do you have any idea how to sove this properly?