chrishunt/github-auth chrishunt/github-auth

  • Stars
    star
    384
  • Rank 111,726 (Top 3 %)
  • Language
    Ruby
  • License
    MIT License
  • Created over 11 years ago
  • Updated about 6 years ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
chrishunt/github-auth
github

chrishunt

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

SSH key management for GitHub users

github-auth

Pairing with strangers has never been so good.

github-auth allows you to quickly pair with anyone who has a GitHub account by adding and removing their public ssh keys from your authorized_keys file.

Description

If you agree to #pairwithme, we'll probably be SSHing into my laptop, your laptop, or some laptop in the sky. Sharing passwords over email is no fun, so we'll use public key authentication to keep things fun, fast, and secure.

Let's see how this works.

After you've installed gh-auth, you can give me ssh access with:

$ gh-auth add --users=chrishunt
Adding 2 key(s) to '/Users/chris/.ssh/authorized_keys'

If you'd like me to automatically connect to your existing tmux session, you can do that with a custom ssh command:

$ gh-auth add --users=chrishunt --command="tmux attach"
Adding 2 key(s) to '/Users/chris/.ssh/authorized_keys'

That was easy! When we're done working, you can revoke my access with:

$ gh-auth remove --users=chrishunt
Removing 2 key(s) from '/Users/chris/.ssh/authorized_keys'

You can add and remove any number of users at the same time.

$ gh-auth add --users=chrishunt zachmargolis
Adding 4 key(s) to '/Users/chris/.ssh/authorized_keys'

$ gh-auth list
chrishunt zachmargolis

$ gh-auth remove --users=chrishunt
Removing 2 key(s) from '/Users/chris/.ssh/authorized_keys'

$ gh-auth list
zachmargolis

$ gh-auth remove --users=zachmargolis
Removing 2 key(s) from '/Users/chris/.ssh/authorized_keys'

$ gh-auth list

If you'd like to remove all GitHub users in one fatal swoop, you can do that too.

$ gh-auth remove --users=`gh-auth list`

Sections

  1. Usage
  2. Installation
  3. Troubleshooting
  4. Contributing
  5. Changelog
  6. License

Usage

Command Line

gh-auth can be used from the command line after the gem has been installed.

$ gh-auth
Commands:
  gh-auth add --users=one two three     # Add GitHub users to authorized keys
  gh-auth help [COMMAND]                # Describe available commands or one specific command
  gh-auth list                          # List all GitHub users already added to authorized keys
  gh-auth remove --users=one two three  # Remove GitHub users from authorized keys
  gh-auth version                       # Show gh-auth version

Options:
  [--host=HOST]
  [--path=PATH]

Use the help command for help on a specific command.

$ gh-auth help add
Usage:
  gh-auth add --users=one two three

Options:
  --users=one two three
  [--command=COMMAND]
  [--host=HOST]
  [--path=PATH]

Description:
  `gh-auth add` is used to add one or more GitHub user's public SSH keys to ~/.ssh/authorized_keys. All keys stored on github.com for that user will be added.

  > $ gh-auth add --users=chrishunt zachmargolis
  > Adding 6 key(s) to '/Users/chris/.ssh/authorized_keys'

  By default, users will be granted normal shell access. If you'd like to specify an ssh command that should execute when the user connects, use the `--command` option.

  > $ gh-auth add --users=chrishunt --command="tmux attach"

In Your Project

Want to add/remove keys in your project, but not on the command line? That's ok too.

require 'github/auth'

# Add keys for GitHub user 'chrishunt'
GitHub::Auth::CLI.start %w(add --users=chrishunt)

# Remove keys for GitHub user 'chrishunt'
GitHub::Auth::CLI.start %w(remove --users=chrishunt)

Installation

Install the github-auth gem:

$ gem install github-auth

SSH Public Key Authentication (Mac OS X)

Public key authentication works with Mac OS by default, but you'll need to get your ssh server running. This is done by ticking 'Remote Login' in the 'Sharing' panel of System Preferences.

Now that SSH is running, make sure you have the correct permissions set for your authorized keys.

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys

Verification

If you'd like to verify that everything is working as expected, you can test locally on your own machine.

First, authorize yourself for ssh. (Make sure to replace 'chrishunt' with your GitHub username)

$ gh-auth add --users=chrishunt
Adding 2 key(s) to '/Users/chris/.ssh/authorized_keys'

Now that your keys are added, verify that you can open an SSH session to your machine with public key authentication:

$ ssh -o PreferredAuthentications=publickey localhost

(localhost)$

Next, remove your public keys from the keys file:

$ gh-auth remove --users=chrishunt
Removing 2 key(s) from '/Users/chris/.ssh/authorized_keys'

Now that you've removed your keys, verify that you can no longer log in to your machine with public key authentication:

$ ssh -o PreferredAuthentications=publickey localhost

> Permission denied (publickey,keyboard-interactive)

Troubleshooting

How do people actually connect to my machine?

Good question! Others will connect to your machine using ssh:

$ ssh username@external-ip-address

What username do I use?

The username is going to be the same username that you used to add the keys. In most cases, it's a good idea to create a new pair account and use that account for all pairings. You don't want strangers reading your email!

Once you've created the pair account, you can switch to it yourself in a terminal with:

$ su - pair

How do I get my external IP?

You can get your external IP address with:

$ curl http://checkip.amazonaws.com/

It's still not working! :(

In almost all cases, your laptop is not directly plugged into your modem. You're on a wireless network or plugged directly into a router or switch. This means the external IP address that your pair is connecting to is not your machine, it's actually your router.

You can tell your router to forward ssh connections to your machine by enabling port forwarding. You will want to forward port 22 (ssh) to the local IP address of your machine.

If port 22 is already forwarded to another machine or you want to change things up, you can have ssh listen on another port and have your pair connect with:

ssh -p <port> username@external-ip-address

I can't enable port forwarding, my boss won't let me. Can I still pair?

Yes! A nice solution to this is to have a machine somewhere else that both of you can ssh into. Place this machine on a network that you do have the ability to forward ports. Maybe this machine is at home, a friend's house, or at a company you worked for in the past that forgot to turn it off.

If this isn't possible, then you can use a VPS provider like Linode to setup a pairing machine in the cloud or a tunneling solution like PageKite or Hamachi to make your machine accessible without forwarding ports.

Contributing

Please see the Contributing Document

Changelog

Please see the Changelog Document

License

Copyright (C) 2013 Chris Hunt, MIT License

More Repositories

1

git-pissed

gitting pissed about your code
HTML
835
star
2

dot-files

Dot-files for Linux, Mac OS X, Windows
Vim Script
603
star
3

desktop

A decent way to change your desktop image
Ruby
250
star
4

color-schemes

Color schemes I've used for an extended period of time and like
Vim Script
239
star
5

favcount

Enhance your useless favicon with FavCount technology
JavaScript
183
star
6

rubiks-cube

Solve your Rubik's Cube with an easy two-cycle solution
Ruby
128
star
7

negfix8

Automate the process of scanning negative film
Shell
56
star
8

marked

Themes for Marked, the best live markdown previewer on Mac OS.
CSS
21
star
9

hi

hi, I'm here to debug your HTTP
Ruby
20
star
10

healthyhacker

Welcome to the Healthy Hacker where we talk about programming, puzzles, memory, fitness, diet, and everything else that you, a healthy hacker, find interesting.
JavaScript
16
star
11

tree

Example binary search tree implementation in Java
Java
13
star
12

cards

Memorize a shuffled deck of playing cards
CSS
12
star
13

snoop

Snoop on content, be notified when it changes.
Ruby
8
star
14

alfred

Alfred Workflows
Ruby
6
star
15

exercises

You have one hour to complete this exercise.
Ruby
6
star
16

status-board

Your very own status board API
Ruby
6
star
17

mute

Muting test suites since 2014
Ruby
5
star
18

practice-problems

Fun practice problems
Ruby
4
star
19

zw2fit

Convert zwo workouts to ANT+ FIT
Ruby
4
star
20

gorbypuff

gorbypuff.cat
JavaScript
3
star
21

cane-hashcheck

Create Cane violations for pre-Ruby 1.9 hash syntax
Ruby
3
star
22

helpme

Help me figure this out
Ruby
3
star
23

parse-tree

Example tab tree parser for #ruby on FreeNode
Ruby
2
star
24

maze

Depth-first maze generation
Ruby
2
star
25

wod

workout of the day
JavaScript
2
star
26

chrishunt.github.com

chrishunt.co
JavaScript
2
star
27

latex-makefile

Makefile for LaTex documents.
2
star
28

cube-timer

Rubik's Cube Timer: Generate scrambles and take averages
Ruby
1
star
29

diffie-chat

Diffieโ€“Hellman key exchange
Java
1
star
30

euler

Project Euler
Ruby
1
star
31

roster-runner

Code replacements for fast sports captioning - rosterrunner.com
Ruby
1
star
32

some-skillz

You need to gem install some_skills
Ruby
1
star
33

tortoise

Tortoise is a Logo interpreter for ruby
Ruby
1
star
34

memory

Remember that time you memorized a shuffled deck of cards?
CSS
1
star
35

follower

Keep track of who starts and stops following you on Twitter
Ruby
1
star