Use Github to authorise access to your server

Github has all for each github account a public key which can be used to push your repositories using git access. The keys are publicly available using the api url https://api.github.com/users/$user/keys. With these keys we have a central register of ssh public keys, where users can maintain their own key. We can configure the ssh daemon to verify users by their ssh public key to logon to the server.

There are some risks, so make sure all the github accounts are similar to the local user accounts.

Download the following gist and put it into your /etc/ssh/ folder.

curl https://gist.githubusercontent.com/nl5887/aa62810158e2003b4be80b6cfbcd0fdf/raw/b6f04f0926b95e584c9b54bb19807c74217abd04/authorize_github.sh > /etc/ssh/authorize_github.sh

Adjust the owner and mode, otherwise ssh will complain about it.

chown root:root /etc/ssh/authorized_github.sh
chmod 755 /etc/ssh/authorized_github.sh

Configure sshd to use the script, add the following to your /etc/ssh/sshd_config file.

AuthorizedKeysCommand /etc/ssh/authorize_github.sh
AuthorizedKeysCommandUser nobody

Caveats:

• You need to make sure all users on your system have the access to the github account.
• There is no key cache, if Github is offline, you’ll not be able to login to your system