whoHasAccessTo
List the accounts that have access to a given server
usage
--osh whoHasAccessTo --host SERVER [OPTIONS]
- --host SERVER
List declared accesses to this server
- --user USER
Remote user allowed (if not specified, ignore user specifications)
- --port PORT
Remote port allowed (if not specified, ignore port specifications)
- --ignore-personal
Don't check accounts' personal accesses (i.e. only check groups)
- --ignore-group GROUP
Ignore accesses by this group, if you know GROUP public key is in fact
not present on remote server but bastion thinks it is
- --show-wildcards
Also list accesses that match because 0.0.0.0/0 is listed in a group or private access,
this is disabled by default because this is almost always just noise (see Note below)
Note: This list is what the bastion THINKS is true, which means that if some group has 0.0.0.0/0 in its list, then it'll show all the members of that group as having access to the machine you're specifying, through this group key. This is only true if the remote server does have the group key installed, of course, which the bastion can't tell without trying to connect "right now" (which it won't do).