diff options
-rw-r--r-- | LICENSE | 21 | ||||
-rw-r--r-- | README.md | 37 |
2 files changed, 58 insertions, 0 deletions
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2018 Ben Burwell + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..9d39961 --- /dev/null +++ b/README.md @@ -0,0 +1,37 @@ +# GitHub SSH AuthorizedKeysCommand Utility + +Use the SSH public keys you've added to GitHub to log in to your machines! + +## 0. Compile for your target OS + +Currently, ghsshauth has been tested on Debian and FreeBSD, but should basically +support all UNIX-like systems. Feel free to send patches. + +``` +$ git clone git@github.com:benburwell/ghsshauth.git +$ cd ghsshauth +$ GOOS=linux GOARCH=amd64 go build +``` + +## 1. Configure host + +Put the binary in `/usr/local/sbin` and make sure it's owned by root and is +chmodded to 755. Open `/etc/ssh/sshd_config`, find the `AuthorizedKeysCommand` +line, and change it to: + +``` +AuthorizedKeysCommand /usr/local/sbin/ghsshauth %h +AuthorizedKeysCommandUser nobody +``` + +(the `%h` represents the home directory of the user being authenticated). + +In your home directory, create the file `.ssh/authorized_github_users` and add +your GitHub username (and any other username you want to have access) to the +file, one per line. You can begin lines with the `#` character to have them be +ignored. + +**IMPORTANT:** You'll need to make sure that the `AuthorizedKeysCommandUser` has +read access to the entire path up to your `authorized_github_users` file, i.e. +your home directory needs to be `chmod 755` as does your `.ssh` directory. Be +sure that any secret keys in your `.ssh` directory such as `id_rsa` are `chmod 600`! |