Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/jirutka/ssh-getkey-gitlab
A simple script to be used as AuthorizedKeysCommand in OpenSSH server to look up user’s public keys in GitLab or GitHub.
https://github.com/jirutka/ssh-getkey-gitlab
authentication gitlab openssh shell ssh ssh-key
Last synced: 2 months ago
JSON representation
A simple script to be used as AuthorizedKeysCommand in OpenSSH server to look up user’s public keys in GitLab or GitHub.
- Host: GitHub
- URL: https://github.com/jirutka/ssh-getkey-gitlab
- Owner: jirutka
- License: mit
- Created: 2019-04-23T16:13:51.000Z (over 5 years ago)
- Default Branch: master
- Last Pushed: 2022-09-09T15:59:17.000Z (over 2 years ago)
- Last Synced: 2024-09-30T03:05:00.295Z (3 months ago)
- Topics: authentication, gitlab, openssh, shell, ssh, ssh-key
- Language: Shell
- Size: 7.81 KB
- Stars: 19
- Watchers: 4
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.adoc
- License: LICENSE
Awesome Lists containing this project
README
= OpenSSH, look up public keys in GitLab!
:name: ssh-getkey-gitlab
:version: 0.2.0
:gh-name: jirutka/{name}
:script-name: {name}
:cfgfile-name: getkey-gitlab.conf
:file-uri: https://raw.githubusercontent.com/{gh-name}/v{version}This project provides a simple script to be used as `AuthorizedKeysCommand` in OpenSSH server to fetch authorized keys from GitLab or GitHub.
The script stores the fetched keys in a cache directory and automatically fallbacks to the cached keys in case of network or GitLab failure.
It’s written in POSIX shell and requires just one dependency: wget (both GNU and Busybox wget are supported).== Requirements
* http://pubs.opengroup.org/onlinepubs/9699919799/utilities/V3_chap02.html[POSIX-sh] compatible shell (e.g. Busybox ash, dash, ZSH, bash, …)
* `wget` (GNU or Busybox)== Installation
=== Using git and make
[source, sh, subs="verbatim, attributes"]
----
git clone -b v{version} https://github.com/{gh-name}.git
cd {name}
make install
----Standard GNU Makefile variables such as `DESTDIR`, `prefix`, `sbindir`… are supported.
=== Manual
[source, sh, subs="verbatim, attributes"]
----
cd /usr/local/sbin
wget {file-uri}/{script-name}
chown root:root {script-name}
chmod 0755 {script-name}cd /etc/ssh
wget {file-uri}/{cfgfile-name}
chown root:root {cfgfile-name}
chmod 0644 {cfgfile-name}
vim {cfgfile-name} # read next sectioninstall -m 700 -o sshd -g nogroup -d /var/cache/ssh-getkey-gitlab
----== Configuration
The script reads configuration from `/etc/ssh/{cfgfile-name}`.
The file format is a shell script.
The configuration variables are as follows:gitlab_url::
The base URL of the GitLab instance to fetch the keys from.minimum_uid::
Ignore users with UID lower than the specified number.
Default is 1000.timeout::
The network timeout in seconds.
Default is 5.cache_dir::
Path of directory where to store fetched SSH keys.
Default is `/var/cache/ssh-getkey-gitlab`.== Setup OpenSSH server
To configure OpenSSH server to fetch users’ authorized keys from GitLab server:
. Make sure that you have installed `{script-name}` in `/usr/local/sbin` (or `/usr/sbin`) with owner `root` and mode `0755`.
. Add these two lines into `/etc/ssh/sshd_config`:
+
[source, subs="verbatim, attributes"]
----
AuthorizedKeysCommand /usr/local/sbin/{script-name}
AuthorizedKeysCommandUser sshd
----. Restart sshd and check log file if there’s no problem.
Note: This method is supported by OpenSSH since version 6.2-p1 (or 5.3 onRedHat).
== License
This project is licensed under http://opensource.org/licenses/MIT[MIT License].
For the full text of the license, see the link:LICENSE[LICENSE] file.