Restrict usage to authorized keys #10

Open
Oaz opened this issue Jun 21, 2022 · 3 comments

Oaz commented Jun 21, 2022

Hello,

I wanted to restrict the use of the service so that any random public key cannot be used.
I was not able to find any way of doing this so I implemented an "authorized keys" check in the pubkey callback.

  • Is there a way of doing something equivalent that I might have missed?
  • If not, would you be interested in a PR of this commit?

Oaz commented Jun 21, 2022

I eventually also added support for openssh certificates.
This allows me to manage authentications in an easier way.

Extensions can be added in the certificate so the default route can be managed from here.
Typically, with "-O extension:pubkey-ish=foobar" when generating the certificate.

Owner

fasmide commented Jul 12, 2022

Hi @Oaz

Very nice - these seem like some handy additions - have you thought about how such authentication should be configured?

At the moment, remotemoe goes clear of any configuration other than runtime state - For example, if you added a custom hostname using key X, then other keys cannot take it over, and so on.

I would prefer not to introduce a configuration file. As such, the default behavior must be predictable for the administrators, especially considering this could have an unexpected security impact.

Oaz commented Jul 13, 2022

Hi @fasmide
Thanks for the feedback.

I'm not sure I get the "no config file" rationale.
I understand that there's no equivalent to "sshd_config" in remotemoe. (if I compare to an openssh server)

The proposed features are equivalent to the AuthorizedKeysFile and TrustedUserCAKeys entries in sshd_config.
My current implementation uses an "AUTHORIZED_KEYS_FILE" environment variable which is used as both entries in sshd_config. (I just took the simplest path but it could be 2 separate environment variables)
If the environment variable is not defined, then it behaves as in your current implementation: no check on the submitted public key.

So, strictly speaking, there is no configuration file but only a keys file referenced through an environment variable.
When you say "not to introduce a configuration file", do you also mean "not to introduce a keys file"?
If so, then I have no solution to propose at the moment because I cannot think of any other mechanism to store the authorized public keys or CA.

Note: on my own remotemoe server, I just added an "EnvironmentFile" entry in the remotemoe.service to define the AUTHORIZED_KEYS_FILE environment variable.
