SSH login based on keys from composer
SSH login based on keys from composer.
OpenSSH 6.2 introduced
sshd_config option, which
allows ssh daemon to invoke a command each time a login is attempted to fetch
keys for the specific username. This is essentially how
doorkeeper works - it
fetches keys from
composer service to find out which users should be allowed
to SSH onto this machine.
Note: it doesn't support per-user authentication. All keys added to
composer are valid.
bin/doorkeeper somewhere (
npm -g install might not work great due to
permission issues) and add those 2 lines to your
AuthorizedKeysCommand <path-to-doorkeeper>AuthorizedKeysCommandUser <user-you-want-doorkeeper-to-run-as>
Example from nodejitsu server:
AuthorizedKeysCommand /usr/bin/doorkeeperAuthorizedKeysCommandUser root
doorkeeper needs a config file to know where
composer service is running.
It looks up 3 paths:
Example config file:
If no port is given, it defaults to 9003.
Please note that
doorkeeper's config file format is identical to
so if you have
quill installed and configured,
doorkeeper integration is