  • Stars: 142
  • Rank 258,495 (Top 6 %)
  • Language: C
  • License: GNU General Publi...
  • Created almost 8 years ago
  • Updated 5 months ago


OCTOPASS

OCTOPASS: Manage Linux users and authentication with a team or collaborators on GitHub.

Description

This is a user management tool for Linux backed by GitHub. Name resolution and authentication are provided by the team or collaborators on GitHub. It is easy to handle and easy to operate.

Usage

Github Org/Team

For example, adding "Ken" to a team with github organization ...

On a Linux server where OCTOPASS is enabled, Ken will be able to log in over SSH with the key registered on GitHub.

Wow!?

With OCTOPASS name resolution, you can check the id of team members of the GitHub organization.

$ id ken
uid=5458(ken) gid=2000(operators) groups=2000(operators)

You can also list entries in the style of /etc/passwd, /etc/shadow and /etc/group with OCTOPASS. For details, see --help.

$ octopass passwd
chun-li:x:14301:2000:managed by octopass:/home/chun-li:/bin/bash
dhalsim:x:8875:2000:managed by octopass:/home/dhalsim:/bin/bash
ken:x:5458:2000:managed by octopass:/home/ken:/bin/bash
ryu:x:74049:2000:managed by octopass:/home/ryu:/bin/bash
sagat:x:93011:2000:managed by octopass:/home/sagat:/bin/bash
zangief:x:8305:2000:managed by octopass:/home/zangief:/bin/bash

OCTOPASS also gets the public key from GitHub for key authentication.

$ octopass ken
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqUJvs1vRgHRMH9dpxYcBBV687njS2YrJ+oeIKvbAbg6yL4QsJMeElcPOlmfWEYsp8vbRLXQCTvv14XJfKmgp8V9es5P/l8r5Came3X1S/muqRMONUTdygCpfyo+BJGIMVKtH8fSsBCWfJJ1EYEesyzxqc2u44yIiczM2b461tRwW+7cHNrQ6bKEY9sRMV0p/zkOdPwle30qQml+AlS1SvbrMiiJLEW75dSSENr5M+P4ciJHYXhsrgLE95+ThFPqbznZYWixxATWEYMLiK6OrSy5aYss4o9mvEBJozyrVdKyKz11zSK2D4Z/JTh8eP+NxAw5otqBmfNx+HhKRH3MhJQ==

Why?

I did not need functions like LDAP, and wanted ease of use and ease of introduction. Therefore, users are only considered as having administrator authority. However, it is very easy to add a new user or to remove a user who leaves.

Also, to resolve names quickly, GitHub API responses are cached in files. With this, even if GitHub is down, it will work as long as past caches remain.

Architecture

Installation

Ubuntu:

$ curl -s https://packagecloud.io/install/repositories/linyows/octopass/script.deb.sh | sudo bash
$ sudo apt-get install octopass

CentOS:

$ curl -s https://packagecloud.io/install/repositories/linyows/octopass/script.rpm.sh | sudo bash
$ sudo yum install octopass

Packages are provided via packagecloud.

Building from Source

Dependency

  • glibc
  • libcurl
  • jansson

$ git clone https://github.com/linyows/octopass
$ cd octopass
$ make && make install
$ mv octopass.conf.example /etc/octopass.conf

Configuration

Edit octopass.conf:

$ mv /etc/{octopass.conf.example,octopass.conf}

Key            Description                             Default
Endpoint       github endpoint                         https://api.github.com
Token          github personal access token            -
Organization   github organization                     -
Team           github team                             -
Owner          github owner                            -
Repository     github repository                       -
Permission     github collaborator permission          write
Group          group on linux                          same as team
Home           user home                               /home/%s
Shell          user shell                              /bin/bash
UidStarts      start number of uid                     2000
Gid            gid                                     2000
Cache          github api cache sec                    500
Syslog         use syslog                              false
SharedUsers    share auth of specific users on team    []

Generate a token here: https://github.com/settings/tokens/new. The token needs: Read org and team membership.

SSHD Configuration

/etc/ssh/sshd_config:

AuthorizedKeysCommand /usr/bin/octopass
AuthorizedKeysCommandUser root
UsePAM yes
PasswordAuthentication no

PAM Configuration

Add this to the top of /etc/pam.d/sshd:

auth	requisite	pam_exec.so	quiet	expose_authtok	/usr/bin/octopass pam
auth	optional	pam_unix.so	not_set_pass	use_first_pass	nodelay
session	required	pam_mkhomedir.so	skel=/etc/skel/	umask=0022

Name Service Switch Configuration

/etc/nsswitch.conf:

passwd:     files octopass sss
shadow:     files octopass sss
group:      files octopass sss

This enables OCTOPASS for name resolution.
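
An added example, not part of the octopass project: a shell audit of the sshd_config and nsswitch.conf settings listed above. The function names (sshd_effective, check_sshd, check_nss) are hypothetical, the sample input is constructed, and the "files before octopass" ordering check mirrors the nsswitch.conf lines shown here.

```sh
# Added example, not octopass code; function names are hypothetical.

# Print the value sshd would use for keyword $2 in file $1. sshd keeps the
# first value it reads and matches keywords case-insensitively. Parsing stops
# at the first Match block; the "Keyword=value" form is not handled.
sshd_effective() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# Return 0 only if all four directives from the README are in effect in $1.
check_sshd() {
    rc=0
    while read -r key want; do
        got=$(sshd_effective "$1" "$key")
        [ "$got" = "$want" ] && continue
        echo "FAIL $key: want '$want', got '${got:-unset}'"
        rc=1
    done <<EOF
AuthorizedKeysCommand /usr/bin/octopass
AuthorizedKeysCommandUser root
UsePAM yes
PasswordAuthentication no
EOF
    return $rc
}

# Return 0 only if passwd, shadow and group in $1 all list octopass after
# "files", so local accounts such as root are answered from local files first.
check_nss() {
    rc=0
    for db in passwd shadow group; do
        awk -v db="$db:" '$1 == db { f = 0; for (i = 2; i <= NF; i++) {
                if ($i == "files") f = 1
                if ($i == "octopass" && f) ok = 1 } }
            END { exit !ok }' "$1" && continue
        echo "FAIL $db: octopass missing or listed before files"
        rc=1
    done
    return $rc
}

# Constructed sample: the lower-case duplicate comes first, so it wins,
# and the AuthorizedKeysCommand lines are missing.
demo=$(mktemp)
printf 'UsePAM yes\npasswordauthentication yes\nPasswordAuthentication no\n' > "$demo"
check_sshd "$demo" || echo "sshd_config does not match the README"
rm -f "$demo"
```

On a live host, `sshd -T` prints the configuration sshd actually resolves and is the authoritative check.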

Provisioning

Thank you @uchida, @hnmx4 and @hfm for some provisioning tools.

Backers 🚀

Support us with a monthly donation and help us continue our activities. [Become a backer]

Author

linyows
