List the accounts that have access to a given server


--osh whoHasAccessTo --host SERVER [OPTIONS]

--host SERVER

List declared accesses to this server

--user USER

Remote user allowed (if not specified, ignore user specifications)

--port PORT

Remote port allowed (if not specified, ignore port specifications)


Don't check accounts' personal accesses (i.e. only check groups)

--ignore-group GROUP

Ignore accesses by this group, if you know GROUP public key is in fact

not present on remote server but bastion thinks it is

Also list accesses that match because is listed in a group or private access,

this is disabled by default because this is almost always just noise (see Note below)

Note: This list is what the bastion THINKS is true, which means that if some group has in its list, then it'll show all the members of that group as having access to the machine you're specifying, through this group key. This is only true if the remote server does have the group key installed, of course, which the bastion can't tell without trying to connect "right now" (which it won't do).