Closed clach04 closed 4 years ago
Hi, key registration was never documented. It will create a TCP/IP connection to the given IP address and port (e.g. 192.168.1.1:50007) and send the public key as a byte stream.
It would be nicer to send the key in PEM format (in ASCII) and to display back any message the registration server sends back (like 'Thanks for the key. Speak to the Admin to let it be enabled.'). nvm, it is already in PEM format.
@clach04 yes, the public key is sent via tcp to the given address. That is all. I use netcat on the console for a simple example: `nc -l 12345 -c register.sh` and register.sh contains `cat >> sshkeys.txt`.
The next version will not require the tcp:// in front. Also, the script can send back a custom message that will be displayed.
That's really neat!
I've not yet put a lot of thought into it but my intention is to update my script to use environment and/or command directive to ~/.ssh/authorized_keys to use a restricted shell. That way, the same user id can be used but something in the environment would distinguish the different key (real user) that used it - see https://unix.stackexchange.com/questions/15575/can-i-find-out-which-ssh-key-was-used-to-access-an-account.
I did wonder about rolling my own ssh service via Paramiko but I'm thinking a restricted shell is likely to be more robust :)
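Added example (not code from Trigger, shell_locked or either poster) showing a slightly sturdier version of the `nc -l 12345 -c register.sh` receiver from the reply above, combined with the `environment=`/`command=` idea from the previous post: it accepts one OpenSSH one-line public key over TCP, validates it, computes the SHA256 fingerprint, writes a restricted authorized_keys entry to a pending file for an admin to enable, and sends the client the thank-you message quoted in the issue. Assumptions: the client sends the key in the usual `<type> <base64> [comment]` OpenSSH form and closes the connection afterwards; port 12345 is taken from the thread; the forced command path `/usr/local/bin/trigger-gate` and the `TRIGGER_KEY_ID` variable name are hypothetical; the sample key line is constructed from dummy bytes and is not a real key.

```python
import base64
import hashlib
import re
import socketserver
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed string as used inside OpenSSH key blobs."""
    return struct.pack(">I", len(data)) + data


# Constructed sample input: a syntactically valid ssh-ed25519 public key line
# built from 32 dummy bytes. It is NOT a real key; it only exercises the parser.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(b"\x11" * 32)
SAMPLE_KEY_LINE = b"ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB) + b" phone-of-alice\n"

ALLOWED_TYPES = {"ssh-ed25519", "ecdsa-sha2-nistp256", "ssh-rsa"}
MAX_KEY_BYTES = 8192                                  # refuse oversized submissions early
RESTRICTED_COMMAND = "/usr/local/bin/trigger-gate"    # hypothetical forced command
THANKS = b"Thanks for the key. Speak to the admin to let it be enabled.\n"


def parse_public_key(raw: bytes):
    """Validate an OpenSSH public key line; return (key_type, blob, comment)."""
    if len(raw) > MAX_KEY_BYTES:
        raise ValueError("submission too large")
    text = raw.decode("ascii").strip()               # non-ASCII raises UnicodeDecodeError
    if not text or "\n" in text or "\r" in text:
        raise ValueError("expected exactly one key line")
    parts = text.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    if key_type not in ALLOWED_TYPES:
        raise ValueError("unsupported key type %r" % key_type)
    blob = base64.b64decode(b64, validate=True)       # binascii.Error is a ValueError
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("blob type does not match declared key type")
    if not re.fullmatch(r"[A-Za-z0-9@._-]{0,64}", comment):
        raise ValueError("comment contains characters not allowed in authorized_keys")
    return key_type, blob, comment


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the same form `ssh-keygen -lf` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def authorized_keys_line(key_type: str, blob: bytes, comment: str, key_id: str) -> str:
    """Build a restricted authorized_keys entry: forced command plus a per-key
    environment variable so the forced command can tell which key logged in."""
    options = 'restrict,command="%s",environment="TRIGGER_KEY_ID=%s"' % (RESTRICTED_COMMAND, key_id)
    return "%s %s %s %s" % (options, key_type, base64.b64encode(blob).decode(), comment)


def register_key(raw: bytes, pending_path=None) -> dict:
    """Validate a submitted key and produce the record an admin would review.
    Nothing touches the live authorized_keys file; entries go to a pending file
    (if a path is given) until an admin enables them."""
    key_type, blob, comment = parse_public_key(raw)
    fp = fingerprint(blob)
    key_id = fp.split(":", 1)[1][:16]                 # short, stable id derived from the fingerprint
    line = authorized_keys_line(key_type, blob, comment, key_id)
    if pending_path is not None:
        with open(pending_path, "a", encoding="ascii") as f:
            f.write("# pending %s\n%s\n" % (fp, line))
    return {"key_type": key_type, "fingerprint": fp, "key_id": key_id,
            "authorized_keys_line": line}


class RegistrationHandler(socketserver.StreamRequestHandler):
    """One TCP connection = one key submission, answered with a short message."""
    timeout = 5                                       # do not let a client hold the socket open

    def handle(self):
        try:
            raw = self.rfile.read(MAX_KEY_BYTES + 1)  # read until the client closes
            record = register_key(raw, pending_path="pending_keys.txt")
            self.wfile.write(THANKS)
            print("pending:", record["fingerprint"], record["key_type"])
        except (ValueError, UnicodeDecodeError, OSError) as exc:
            self.wfile.write(b"Key rejected: %s\n" % str(exc).encode("ascii", "replace"))


if __name__ == "__main__":
    # 0.0.0.0 so the phone on the LAN can reach it; narrow this to the LAN interface in practice.
    with socketserver.TCPServer(("0.0.0.0", 12345), RegistrationHandler) as srv:
        srv.serve_forever()
```

Two things to keep in mind when using entries like the ones this produces: the `environment=` option in authorized_keys is only honoured when `PermitUserEnvironment yes` is set in sshd_config, and `restrict` (which disables port forwarding, agent forwarding, X11 and pty allocation in one word) needs OpenSSH 7.2 or newer. Because the registration port is unauthenticated, anyone who can reach it can submit a key, which is why the script only records keys as pending and leaves enabling them to the admin, as the reply in the thread already suggests.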
This project certainly needs more documentation and howtos.
I have added a documentation site along with a key registration example.
There is a cool key registration option in Trigger but I can't locate docs for it.
I think I've figured out how to make use of it. I posted some docs to https://github.com/clach04/shell_locked#key-registration (along with a dumb implementation of a server that can then record the fingerprint). Is this how registration is intended to work?