SSH AuthorizedKeysCommand proxy: publish your SSH authorized_keys from an existing AuthorizedKeysCommand
Project description
sshauthproxy
sshauthproxy
is a simple tornado
-based daemon that exports your SSH keys
from an AuthorizedKeysCommand
via a simple HTTP-based API.
Why?
I am rather fond of sss_ssh_authorizedkeys
and managing SSH keys in LDAP.
However, I would like to be able to pull SSH keys from an LDAP directory on
servers that I do not want to be added to the directory. Now, I can run
sshauthproxy
on a server in the directory, and pull the keys from any server
I want.
While the default AuthorizedKeysCommand
is sss_ssh_authorizedkeys
, I am
sure there are other AuthorizedKeysCommand
that would be useful when proxied.
Installation
# On the machine publishing the keys (server):
pip install sshauthproxy
# Run the server:
sshauthproxy [--address=<the IP to listen on>] [--port=<port to listen on>]
# To proxy something other than sss_ssh_authorizedkeys, specify --command=<your command>.
# By default, the server binds to 0.0.0.0:8888 and [::]:8888.
# On the machine using the keys (client):
sudo curl https://raw.githubusercontent.com/quantum5/sshauthproxy/master/sshauth-client -o/usr/local/bin/sshauth-client
echo https://sshauth.example.com | sudo tee /etc/sshauth-server
# Now add the following lines to /etc/ssh/sshd_config on the client:
AuthorizedKeysCommand /usr/local/bin/sshauth-client
AuthorizedKeysCommandUser nobody
API
The API is very simple:
GET /
: shows usage information.GET /<username>
: shows the SSH keys for the given username, if available. Otherwise, it returns 404 with a blank response body.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for sshauthproxy-0.1-py2.py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 785356e1c9c807663efab8fe87d72bf28cf406f04ee54658fb4ee6da7fabdfac |
|
MD5 | 86564b60776cb428a55d6ae590e38f07 |
|
BLAKE2b-256 | 2efcc2e07477d3a59289154d5ee9bc34bdb421fa419bf8637a52f219eab7a8e9 |