aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--LICENSE21
-rw-r--r--README.md37
2 files changed, 58 insertions, 0 deletions
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..8a33db2
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2018 Ben Burwell
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..9d39961
--- /dev/null
+++ b/README.md
@@ -0,0 +1,37 @@
+# GitHub SSH AuthorizedKeysCommand Utility
+
+Use the SSH public keys you've added to GitHub to log in to your machines!
+
+## 0. Compile for your target OS
+
+Currently, ghsshauth has been tested on Debian and FreeBSD, but should basically
+support all UNIX-like systems. Feel free to send patches.
+
+```
+$ git clone git@github.com:benburwell/ghsshauth.git
+$ cd ghsshauth
+$ GOOS=linux GOARCH=amd64 go build
+```
+
+## 1. Configure host
+
+Put the binary in `/usr/local/sbin` and make sure it's owned by root and is
+chmodded to 755. Open `/etc/ssh/sshd_config`, find the `AuthorizedKeysCommand`
+line, and change it to:
+
+```
+AuthorizedKeysCommand /usr/local/sbin/ghsshauth %h
+AuthorizedKeysCommandUser nobody
+```
+
+(the `%h` represents the home directory of the user being authenticated).
+
+In your home directory, create the file `.ssh/authorized_github_users` and add
+your GitHub username (and any other username you want to have access) to the
+file, one per line. You can begin lines with the `#` character to have them be
+ignored.
+
+**IMPORTANT:** You'll need to make sure that the `AuthorizedKeysCommandUser` has
+read access to the entire path up to your `authorized_github_users` file, i.e.
+your home directory needs to be `chmod 755` as does your `.ssh` directory. Be
+sure that any secret keys in your `.ssh` directory such as `id_rsa` are `chmod 600`!