Authentik Security
So I have a couple of applications up and running now, which means I now have a bunch of different usernames and passwords. It'd be great if I can replace them all and just have one login across these applications. It seems like two big players in the open source world are Authelia and Authentik. From the reviews it seems like I might have some more success with Authentik. From a quick glance at their integrations they have documentation to work with Bookstack. That should give me a great head start!
Create a Virtual Machine
Steps performed on HV-03 from Windows Admin Center
- Navigate to Virtual Machines
- Click on Add
- Select New
  - Name: AUTHENTIK-01
  - Generation: Generation 2
  - Virtual Processor: 2
  - Memory: 4GB
  - Virtual Switch: Default External Switch
  - Isolation Mode: None
  - Storage: 40GB
- Select AUTHENTIK-01
- Click on Settings
  - Navigate to Disks
    - Click on Add disk
    - Select Use an existing virtual hard disk or ISO image file
    - Select Debian 11.6.0-amd64-netinst.iso
    - Click Save disks settings
  - Navigate to Boot order
    - DVD
    - Hard Disk
    - Network Adapter
    - Click Save boot order
  - Navigate to Security
    - Enable Secure Boot: Check
    - Template: Microsoft UEFI Certificate Authority
    - Click Save security settings
- Click on Power
- Select Start
Install Operating System
I walk through Debian's installation wizard naming the virtual machine AUTHENTIK-01 and reboot.
Configure Operating System
Configure Network
Steps performed on AUTHENTIK-01
- Log in as root
- nano /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
    address 10.10.10.XXX
    gateway 10.10.10.254
    netmask 255.255.255.0
- I save interfaces
- systemctl restart networking
Configure Sudo
- apt install sudo
- /sbin/adduser david sudo
Adding user 'david' to group 'sudo' ...
Adding user david to group sudo
Done.
- reboot
Add Local A Record
Steps performed on DC-02 via Windows Admin Center
- Navigate to DNS
- Select domain.local
- Click on Create a new DNS Record
  - DNS Record Type: Host (A)
  - Record Name (uses FQDN if blank): AUTHENTIK
  - IP Address: 10.10.10.XXX
  - Time to live (TTL, seconds): 3600
  - Click Create
Configure SSH Key
Steps performed on desktop via Windows Terminal
- ssh-keygen -t ed25519
- Move-Item -Path c:\Users\david\filename* -Destination c:\Users\david\.ssh -Force
- I open Windows Terminal Settings
- I open the JSON file and add the following:
{
    "colorScheme": "Ubuntu-ColorScheme",
    "commandline": "ssh -i \"~/.ssh/authentik-01\" [email protected]",
    "experimental.retroTerminalEffect": false,
    "font":
    {
        "face": "Cascadia Code"
    },
    "guid": "{0caa0dad-35be-5f56-a8ff-XXXXXXXXXXXX}",
    "hidden": false,
    "name": "AUTHENTIK-01",
    "tabTitle": "AUTHENTIK-01"
},
- I make sure the GUID is unique and save the JSON file
Configure SSH
Steps performed on AUTHENTIK-01
- mkdir /home/david/.ssh
- nano /home/david/.ssh/authorized_keys
- I paste in the public key and save authorized_keys
- chmod 600 /home/david/.ssh/authorized_keys
- sudo nano /etc/ssh/sshd_config
PermitRootLogin no
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes ssh-ed25519
PasswordAuthentication no
AuthorizedKeysFile /home/david/.ssh/authorized_keys
- I save the file sshd_config
- sudo sshd -t
- sudo systemctl restart ssh
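The sshd_config settings above only take effect if no earlier line in the file sets the same keyword, because sshd uses the first value it reads for each keyword. The script below is an added example, not part of the original post: it audits a config file against the three yes/no settings used here. The function names and the sample config are constructed for illustration, and the fallback values are the upstream OpenSSH defaults.

```shell
#!/bin/sh
# Added example (not from the original post). sshd uses the FIRST value it
# reads for each keyword, so a hardened line placed after an earlier
# conflicting line has no effect. Function names here are hypothetical.

# effective_value FILE KEYWORD: print the first global value, lowercased.
effective_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }         # comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)             # keyword ends at blank or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "match") exit              # conditional blocks: stop here
            if (key == tolower(want)) { print tolower(val); exit }
        }' "$1"
}

# audit_sshd_config FILE: return the number of settings that differ from the
# post. Third column: upstream OpenSSH default, used when a keyword is unset.
audit_sshd_config() {
    file=$1; failures=0
    while read -r key expected default; do
        actual=$(effective_value "$file" "$key")
        actual=${actual:-$default}
        if [ "$actual" = "$expected" ]; then
            echo "ok    $key $actual"
        else
            echo "FAIL  $key is $actual, want $expected"
            failures=$((failures + 1))
        fi
    done <<EOF
permitrootlogin no prohibit-password
pubkeyauthentication yes yes
passwordauthentication no yes
EOF
    return "$failures"
}

# Constructed sample: an early "PasswordAuthentication yes" wins over the later "no".
sample=$(mktemp)
printf '%s\n' 'PasswordAuthentication yes' '# hardening' 'PermitRootLogin no' \
    'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "$? setting(s) differ"
rm -f "$sample"
```

On the server itself, `sudo sshd -T` prints the effective configuration as sshd computes it, which is the authoritative check after editing sshd_config.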
Install Authentik Prerequisites
Steps performed on AUTHENTIK-01
- sudo apt install docker
- sudo apt install docker-compose
I've only got about five minutes left so I'm going to pause here and I'll start up on installing Authentik tomorrow.