undefined | Better HN

0 pointsfrutiger4y ago0 comments

Slightly off-topic, but OpenSSH already supports this via `AuthorizedKeysCommand`: https://man.openbsd.org/sshd_config#AuthorizedKeysCommand

0 comments

3 comments · 1 top-level

nodesocket4y ago· 2 in thread

Oh really interesting. Any good guides you know of how to implement AuthorizedKeysCommand with Redis for example?

macno4y ago

Hi @nodesocket, you can take a look how we solved it with Theo https://theoapp.readthedocs.io/en/latest/index.html It supports fine hosts/users grants - i.e. I can connect as "dev" user on servers "node1" and "node2" but not on "node3" - and it leverages asymmetric key signing to validate the public SSH keys. Theo supports mysql/mariadb/sqlite/postgresql(experimental) for storing data and redis/memecached for caching. Happy to answer any further questions!

frutigerOP4y ago

I'm not really an expert on redis. Perhaps one can fashion something with `redis-cli`? Or write a program that links the redis client library.

j / k navigate · click thread line to collapse