
Configure SSH for HashiCorp Vault Authentication
In this hands-on lab, you will configure HashiCorp Vault to generate SSH one-time passwords for a client on request. To achieve this, we will need to configure both the SSH Client and the HashiCorp Vault servers.

Table of Contents

Challenge
Unseal the Vault and Log in with the Root Token
- Retrieve the vault keys.
- Unseal the vault.
- Log in with the Initial Root Token.

Challenge
Enable SSH Secrets Engine and Provide Access to `ssh/creds/otp_role`
- Enable SSH Secrets engine.
- Create an `otp_role` with key type `otp`.
- Create a policy file to provide access to `ssh/creds/otp_role`.
- Write a policy based on the `otp-policy.hcl` file.

Challenge
Enable the `userpass` Authentication Method
- Enable `userpass`.
- Create a user and assign the `otp-policy`.

Challenge
Install `vault-ssh-helper` and Configure SSH
- On the SSH Client server, download `vault-ssh-helper`.
- Add the `ubuntu` user.
- Unzip the `vault-ssh-helper_0.1.6_linux_amd64.zip` file and move it to `/usr/local/bin`.
- Update the permissions on the `vault-ssh-helper` binary.
- Change ownership of the binary from the `cloud_user`, to the `root` user, and `root` group.
- Create a new directory named `vault-ssh-helper`.
- Create a configuration file for `vault-ssh-helper`.
- Modify the `pam.d/sshd` configuration file.
- Modify the `sshd` configuration file.
- Restart `sshd` to apply the changes.
- Run `vault-ssh-helper` verification.

Challenge
Log in with the `userpass` Credentials, and Generate the One-Time Password
- On the Vault server, log in with the `userpass` credentials.
- Create a one-time password and copy the `key` for later use.
- From the Client server, use the one-time password to connect to the SSH Client server.