{"id":15510661,"url":"https://github.com/dalen/ssh-auth-github","last_synced_at":"2025-04-23T03:05:57.888Z","repository":{"id":48315255,"uuid":"131050781","full_name":"dalen/ssh-auth-github","owner":"dalen","description":"OpenSSH AuthorizedKeysCommand to fetch keys from GitHub","archived":false,"fork":false,"pushed_at":"2021-08-02T04:17:33.000Z","size":457,"stargazers_count":7,"open_issues_count":5,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-04-23T03:05:52.058Z","etag":null,"topics":["github","ssh"],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dalen.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-04-25T18:56:46.000Z","updated_at":"2021-08-02T04:16:10.000Z","dependencies_parsed_at":"2022-09-21T11:32:00.926Z","dependency_job_id":null,"html_url":"https://github.com/dalen/ssh-auth-github","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalen%2Fssh-auth-github","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalen%2Fssh-auth-github/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalen%2Fssh-auth-github/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dalen%2Fssh-auth-github/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dalen","download_url":"https://codeload.github.com/dalen/ssh-auth-github/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250360480,"owners_count":21417721,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github","ssh"],"created_at":"2024-10-02T09:50:19.300Z","updated_at":"2025-04-23T03:05:57.873Z","avatar_url":"https://github.com/dalen.png","language":"Rust","readme":"## About\n\nThis is a command that can be used as a `AuthorizedKeysCommand` for OpenSSH.\nIt fetches the public keys for all members of a specific GitHub team in a specific organization and allows them to login.\n\nAt the moment it is made for a single login user, so all members of the team are allowed to login as that user.\n\nAll keys are fetched in a single API call using the GitHub V4 API,\nso the request latency should be a lot lower compared to solutions using the V3 API.\n\n## Usage\n\n* Build with `cargo build --release`, the binary will be in `target/release/ssh-auth-github`.\n* Put a config file at `/etc/ssh-auth-github.ini`, and specify organization and team.\n  The token should be a GitHub Oauth token with the `read:org` scope.\n  You can create it under Settings -\u003e Developer Settings -\u003e Personal access tokens\n* Add `AuthorizedKeysCommand /path/to/ssh-auth-github` in your `sshd_config` and reload sshd.\n\nYou can also create a `ssh-auth-github.ini` in this directory and build a container with it using\n`docker build . -t sshtunnel`. That will create a container running SSH and only allow tunneling as the `tunnel` user.\n\n## Limitations\n\nIt only fetches the first 100 users in the team and the first 100 keys for each user.\nIt does not yet attempt to do pagination to fetch more than that.\n\nThere is no caching, so you might run in to GitHub request limits.\nAt the point of writing the limit is roughly 500,000 public keys per hour.\nSo how many login attempts that translates into depends on the size of your team.\n\nA simple way to do caching is to run this as a cron job and write out the results to the `authorized_keys` file,\ninstead of running it as a `AuthorizedKeysCommand`.\n\n## Related work:\n\n* https://github.com/cloudposse/github-authorized-keys\n* https://github.com/trevoro/sshauth\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdalen%2Fssh-auth-github","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdalen%2Fssh-auth-github","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdalen%2Fssh-auth-github/lists"}