Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
CIRCLE
/
django-sshkey
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
0
Merge Requests
0
Pipelines
Wiki
Members
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
ae973cd1
authored
Jun 10, 2013
by
Scott Duckworth
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
add README.md
parent
59b5cfc3
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
78 additions
and
0 deletions
+78
-0
README.md
+78
-0
No files found.
README.md
0 → 100644
View file @
ae973cd1
django-sshkey lets you use a patched OpenSSH server to authenticate incoming
SSH connections via public key authentication and identify the Django User that
owns that key.
# The OpenSSH Patch
At the top level of this repository is a patch for OpenSSH 6.2p2 which modifies
the AuthorizedKeysCommand config option so that the incoming SSH public key is
passed to the command via standard input. The incoming username will still be
passed as the first argument to the specified command.
# The Django app
The Django app is located in the sshkey directory at the top level of this
repository. You should point Django to it in your project's settings.py or
copy it into your project's directory.
In order to associate an incoming public key with a user you must define
SSHKEY
\_
AUTHORIZED
\_
KEYS
\_
COMMAND in your project's settings.py. This should
be a string containing the command which is run after successful
authentication, with "{username}" being replaced with the username of the user
associated with the incoming public key.
## URL Configuration
This text assumes that your Django project's urls.py maps sshkey.urls into the
url namespace as follows:
urlpatterns = patterns('',
...
url('^sshkey/', include(sshkey.urls)),
...
)
You will need to adjust your URLs if you use a different mapping.
# Tying OpenSSH's AuthorizedKeysCommand to the sshkey Django app
There are three provided ways of connecting AuthorizedKeysCommand to Django.
In all cases it is recommended and/or required that the command specified with
AuthorizedKeysCommand be a shell script that is owned by and only writable by
root which invokes one of the commands below:
1.
Using lookup.sh
Usage: lookup.sh URL
[
USERNAME
]
URL should be the full URL to /sshkey/lookup on your Django web server running
the sshkey app.
If USERNAME is specified, lookup keys owned by that user and print them to
standard output. Any standard input is ignored.
If USERNAME is not specified, the incoming public key should be provided on
standard input; if the key is found it is printed to standard output.
This command assumes that some fairly standard commands, like ssh-keygen and
curl, are found in $PATH.
This is generally the fastest method.
2.
Using lookup.py
Same as above, but it's all written in Python and doesn't rely on external
commands.
This is generally the second fastest method.
3.
Using manage.py sshkey
\_
authorized
\_
keys
\_
command
Usage: PATH
\_
TO
\_
DJANGO
\_
PROJECT/manage.py sshkey
\_
authorized
\_
keys
\_
command
[
USERNAME
]
Same semantics for USERNAME as above.
This method does not rely on the /sshkey/lookup URL, and instead creates its
own database connection each time it is invoked.
This is generally the slowest method.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
