Hacker News new | past | comments | ask | show | jobs | submit login

Out of curiosity, how do you manage git account authentication?

I have been trying to find a git server solution that uses a database to do access control for repositories over SSH.




I’m forgetting the details and names of the API calls, but essentially, you can override the default SSH authentication check which normally looks in the authorized_key file to instead query a remote resource to get back the fingerprint for that key pair. You can then use this in that custom script to authenticate the connection. You also need a second piece, one that uses SSH ForcedCommands, to essentially pipe the original git request into the newly authenticated session and execute.

If I remember the name of the method to override I’ll update. It was hard to find. It has everything to do with SSH and nothing to do with Git.

Edit: Found it - it's the AuthorizedKeysCommand [1] and you can use that in lieu of an AuthorizedKeysFile (which is authorized_keys by default) to run a script that can query a remote resource for the pubkey.

[1] https://man.openbsd.org/sshd_config#AuthorizedKeysCommand


Awesome, thank you!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: