GitHub AuthorizedKeysCommand (hubakc)

Heavily inspired by https://github.com/sequencer/gitakc . It allows someone login to the server using their ssh keys on GitHub. When it fails to run, sshd will fallback to the local authorized_keys file.

Put config.toml in /etc/hubakc/config.toml, and add user map.
Put the binary in /usr/local/bin/hubakc. Make sure that the owner is root and the permission is 755.
Edit the sshd config as follows:

AuthorizedKeysCommand /usr/local/bin/hubakc
AuthorizedKeysCommandUser nobody

Example

Given the config file config.toml

ttl = 3600
timeout = 5
cache_folder = "/tmp/hubakc"
# http_proxy = "127.0.0.1:1080"
[user_map]
mgt = "Enter-tainer"
jumpuser = ["Enter-tainer", "Shawlleyw"]

> hubakc mgt
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJgIynaQvTeYZ5iPigLnYRkRThxE04U7ACjuHRkQBAk+
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2C/osNvVrilQDE3T/tTK9TRQ0+xVSbFU6wN5oIr2Fv
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKvQJ1fgkAS2yuy+cbl8iYaiw0IR4lkQIJIKgj7liax
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKSkhuW2F4UCnIa4b2m0gUt4A5Bv+UYGsUYEl9VmLJbu

Related Projects

tosh

Imagine your SSH server only listens on an IPv6 address, and where the last 6 digits are changing...

21 May 2021 416

simpleinfra

Rust Infrastructure automation

21 Jul 2017 147

pam_rssh

Remote sudo authenticated via ssh-agent

05 Feb 2022 85

git-credential-github-keychain

Rust implementation of a git-credential helper for storing GitHub Tokens

25 Sep 2020 4