Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jirutka/ssh-getkey-gitlab

A simple script to be used as AuthorizedKeysCommand in OpenSSH server to look up user’s public keys in GitLab or GitHub.
https://github.com/jirutka/ssh-getkey-gitlab

authentication gitlab openssh shell ssh ssh-key

Last synced: about 1 month ago
JSON representation

A simple script to be used as AuthorizedKeysCommand in OpenSSH server to look up user’s public keys in GitLab or GitHub.

Host: GitHub
URL: https://github.com/jirutka/ssh-getkey-gitlab
Owner: jirutka
License: mit
Created: 2019-04-23T16:13:51.000Z (over 5 years ago)
Default Branch: master
Last Pushed: 2022-09-09T15:59:17.000Z (about 2 years ago)
Last Synced: 2024-09-30T03:05:00.295Z (about 2 months ago)
Topics: authentication, gitlab, openssh, shell, ssh, ssh-key
Language: Shell
Size: 7.81 KB
Stars: 19
Watchers: 4
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.adoc
- License: LICENSE

Awesome Lists containing this project

README

        = OpenSSH, look up public keys in GitLab!

:name: ssh-getkey-gitlab

:version: 0.2.0

:gh-name: jirutka/{name}

:script-name: {name}

:cfgfile-name: getkey-gitlab.conf

:file-uri: https://raw.githubusercontent.com/{gh-name}/v{version}

This project provides a simple script to be used as `AuthorizedKeysCommand` in OpenSSH server to fetch authorized keys from GitLab or GitHub.

The script stores the fetched keys in a cache directory and automatically fallbacks to the cached keys in case of network or GitLab failure.

It’s written in POSIX shell and requires just one dependency: wget (both GNU and Busybox wget are supported).

== Requirements

* http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html[POSIX-sh] compatible shell (e.g. Busybox ash, dash, ZSH, bash, …)

* `wget` (GNU or Busybox)

== Installation

=== Using git and make

[source, sh, subs="verbatim, attributes"]

----

git clone -b v{version} https://github.com/{gh-name}.git

cd {name}

make install

----

Standard GNU Makefile variables such as `DESTDIR`, `prefix`, `sbindir`… are supported.

=== Manual

[source, sh, subs="verbatim, attributes"]

----

cd /usr/local/sbin

wget {file-uri}/{script-name}

chown root:root {script-name}

chmod 0755 {script-name}

cd /etc/ssh

wget {file-uri}/{cfgfile-name}

chown root:root {cfgfile-name}

chmod 0644 {cfgfile-name}

vim {cfgfile-name}  # read next section

install -m 700 -o sshd -g nogroup -d /var/cache/ssh-getkey-gitlab

----

== Configuration

The script reads configuration from `/etc/ssh/{cfgfile-name}`.

The file format is a shell script.

The configuration variables are as follows:

gitlab_url::

  The base URL of the GitLab instance to fetch the keys from.

minimum_uid::

  Ignore users with UID lower than the specified number.

  Default is 1000.

timeout::

  The network timeout in seconds.

  Default is 5.

cache_dir::

  Path of directory where to store fetched SSH keys.

  Default is `/var/cache/ssh-getkey-gitlab`.

== Setup OpenSSH server

To configure OpenSSH server to fetch users’ authorized keys from GitLab server:

. Make sure that you have installed `{script-name}` in `/usr/local/sbin` (or `/usr/sbin`) with owner `root` and mode `0755`.

. Add these two lines into `/etc/ssh/sshd_config`:

+

[source, subs="verbatim, attributes"]

----

AuthorizedKeysCommand /usr/local/sbin/{script-name}

AuthorizedKeysCommandUser sshd

----

. Restart sshd and check log file if there’s no problem.

Note: This method is supported by OpenSSH since version 6.2-p1 (or 5.3 onRedHat).

== License

This project is licensed under http://opensource.org/licenses/MIT[MIT License].

For the full text of the license, see the link:LICENSE[LICENSE] file.