In order to use SSH principals, you must configure your SSH servers to use them.
You can find here how to generate the file /etc/ssh/ca.pem.
Modify the file /etc/ssh/sshd_config with the following parameters:

    ...
    # Allow root to connect
    PermitRootLogin yes
    # Copy Vault SSH CA
    TrustedUserCAKeys /etc/ssh/ca.pem
    # Permit user principals
    AuthorizedPrincipalsFile /etc/ssh/authorized_principals/%u
    # Deny non signed key files
    AuthorizedKeysFile /dev/null
    # Deny password authentication
    PasswordAuthentication no
    ...
Create the /etc/ssh/authorized_principals directory
Also create the file /etc/ssh/authorized_principals/root for the root user
With the principals hackers and superheros listed in this file, users whose certificate carries either principal can log in as root to the server with ssh.
Before restarting sshd, make sure you can still connect to your server via a console.
systemctl restart sshd.service
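
A check for the settings above, as an added example that is not part of the original page: the shell functions read an sshd_config, resolve AuthorizedPrincipalsFile for a user and list the principals allowed to log in as that user. The function names, the ROOT prefix argument and the staged sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit an sshd_config for the
# principals setup described above. Only the global section (before the first
# Match block) is read; principals files are assumed to hold one bare
# principal per line.

# get_directive CONFIG KEYWORD: print the first value of KEYWORD.
# sshd keywords are case-insensitive and the first occurrence wins.
get_directive() {
    awk -v k="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# principals_for USER CONFIG [ROOT]: print the principals allowed to log in as
# USER. ROOT is a hypothetical path prefix so a staged copy can be audited.
principals_for() {
    pf_ca=$(get_directive "$2" TrustedUserCAKeys)
    pf_apf=$(get_directive "$2" AuthorizedPrincipalsFile)
    [ -n "$pf_ca" ] || { echo "TrustedUserCAKeys is not set" >&2; return 2; }
    if [ -z "$pf_apf" ] || [ "$pf_apf" = none ]; then
        echo "AuthorizedPrincipalsFile is not set" >&2; return 2
    fi
    # Expand the %u token the way the page's config uses it.
    pf_file=${3:-}$(printf '%s' "$pf_apf" | sed "s|%u|$1|g")
    [ -r "$pf_file" ] || { echo "no principals file: $pf_file" >&2; return 1; }
    grep -Ev '^[[:space:]]*(#|$)' "$pf_file"
}

# cert_only CONFIG: succeed only if unsigned keys and passwords are refused.
cert_only() {
    [ "$(get_directive "$1" AuthorizedKeysFile)" = /dev/null ] &&
        [ "$(get_directive "$1" PasswordAuthentication | tr 'A-Z' 'a-z')" = no ]
}

# Constructed sample: a staged tree mirroring the page's configuration.
stage=$(mktemp -d)
mkdir -p "$stage/etc/ssh/authorized_principals"
printf '%s\n' 'PermitRootLogin yes' 'TrustedUserCAKeys /etc/ssh/ca.pem' \
    'AuthorizedPrincipalsFile /etc/ssh/authorized_principals/%u' \
    'AuthorizedKeysFile /dev/null' 'PasswordAuthentication no' \
    > "$stage/etc/ssh/sshd_config"
printf 'hackers\nsuperheros\n' > "$stage/etc/ssh/authorized_principals/root"

principals_for root "$stage/etc/ssh/sshd_config" "$stage"
cert_only "$stage/etc/ssh/sshd_config" && echo "certificate-only login enforced"
```

On a live server, call `principals_for root /etc/ssh/sshd_config` with no ROOT argument before restarting sshd.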