This is an sshd helper intended to be used in conjunction with the
AuthorizedKeysCommand configuration option to check a user's presented key against their GitHub account. This is definitely not the most secure thing to do, but can be used for transient instances like Amazon and other cloud instances for temporary deployments so that you, as the admin, don't have to manage SSH keys :-) Just add users and go. Note: Local usernames must match the user's GitHub account name
Simply clone the repository and use
go build -o gh_authkey_checker main.go to build a binary. This repository is also mirrored on GitHub, because, afterall, it's Go. If you trust me, the most up-to-date copy of the tool can also be found here
Per FHS, this most likely belongs in
/opt, but I'm sticking it in
/usr/local/sbin to minimize configuration (again, on testing and short deployment cloud instances). Simply copy the binary you built or downloaded in
chown root:root /usr/local/sbin/gh_authkey_checker. Lastly, make sure that only root can execute,
chmod 700 /usr/local/sbin/gh_authkey_checker.
This utility is only tested on Arch and CentOS 7 at this point, but should work fine on Debian and Ubuntu as well. Uncomment/add/modify the following lines in
AuthorizedKeysCommand /usr/local/sbin/gh_authkey_checker AuthorizedKeysCommandUser root
then restart sshd
systemctl restart sshd.
Special thanks to amayer for always critiquing my Go and being a smartass :-)