Configure SSHepherd to Require Reauthentication for Privileged Actions

SSHepherd Security Settings Explained

• API_LIMIT_SINGLE_USE

If API_LIMIT_SINGLE_USE is set to TRUE, users will be prompted to re-authenticate each time they perform an action that requires an API call or administrative privileges. For example, listing hosts (list-host) will not prompt for additional authentication, but creating a user (create-user) , or starting a tunnel (ssh-tunnel) will require re-authentication.

• API_LIMIT_FRESHNESS

If API_LIMIT_FRESHNESS is set to TRUE, users will be prompted to re-authenticate each time they perform an action that requires an API call or administrative privileges within the time limit configured in the API_LIMIT_FRESH_WITHIN_SECONDS setting. If API_LIMIT_FRESHNESS is set to FALSE, this feature is disabled, and the API_LIMIT_FRESH_WITHIN_SECONDS setting is ignored.

• API_LIMIT_FRESH_WITHIN_SECONDS

If API_LIMIT_FRESHNESS is set to TRUE, the API_LIMIT_FRESH_WITHIN_SECONDS setting specifies the number of seconds within which users can perform multiple API calls or an action that requires administrative privileges without being prompted to re-authenticate. For instance, setting this to 300 means users can make multiple API calls or perform actions that require administrative privilege for up to 300 seconds without needing to re-authenticate. Once the timer expires, users will be prompted to enter their credentials again to continue performing these actions.