Open jim3692 opened 10 months ago
i am totally with your security concern.
sshpiper.com is hosted on fly.io, everything is open in the repo and you can definitely host it yourself with following steps
docker build .
--> your own sshpiper-ghthe github appid can be generate here https://github.com/settings/apps
check new project https://github.com/tg123/sshpiper-openpubkey now you can use 3rd oidc to auth
I checked the project trying to understand how it works and what are the security risks of such an approach.
sshpiper.com
, as there are no instructions for self hosting the app. If that is the case, then other credentials of upstream servers, ex. sudo passwords, may be exposed to sshpiper, as they can easily be logged. Besides the logging issue, there would also be a performance impact in SCP.