Giter Site home page Giter Site logo

fernandomiguel / sshremotekeys Goto Github PK

View Code? Open in Web Editor NEW
77.0 6.0 8.0 38 KB

Managing SSH keys remotely to control access to hosts

License: MIT License

Shell 100.00%
ssh sshd ssh-key ed25519 remote maintenance overhead sysadmin authorizedkeyscommand aws

sshremotekeys's People

Contributors

fernandomiguel avatar slamdunk avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar

Forkers

slamdunk ibuystuff cerebralmischief ganps7 varunsamineni xserveraws centminmod jaxmetalmax

sshremotekeys's Issues

Cache for rate limits

I'm not aware of average key rotation time of the user this package is written for, but I would consider acceptable to cache my keys for, let's say, 5 minutes, without compromizing security in case of key revocation.

Back from easter vacation I can PR a change, if you haven't written something yet.

nobody has no $home

since AuthorizedKeysCommand runs as nobody, the key cache dir can't be $home.

sudo -Hu nobody /usr/local/bin/userkeys.sh
/nonexistent/.ssh/authorized_keys_cache
/usr/local/bin/userkeys.sh: 20: /usr/local/bin/userkeys.sh: cannot create /nonexistent/.ssh/authorized_keys_cache: Directory nonexistent

the script needs to be customized to replace "USER" with your own username?

It seems your script hardcode the username USER, and that seems quite dangerous given you don't really state it in the docs that you should absolutely customize it.

I guess there is a better solution, which is to use the first argument passed to the script when sshd invokes the command:

     AuthorizedKeysCommand
             Specifies a program to be used to look up the user's public keys.  The program must be
             owned by root, not writable by group or others and specified by an absolute path.  Argu‐
             ments to AuthorizedKeysCommand accept the tokens described in the TOKENS section.  If no
             arguments are specified then the username of the target user is used.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.