This is a SSH CA that allows you to retrieve a signed SSH certificate by authenticating to Duo.

github-duo-ssh-ca

Authenticate to GitHub Enterprise in a secure way by requiring users to go through a Duo flow to get a short-lived SSH certificate that works for their yubikey. This client will function as an SSH agent that will communicate with the YubiKey and authenticate to the API server component whenever necessary. It will popup a browser window for the Duo flow and request your yubikey PIN.

Usage

  1. Get Duo credentials ("protect web SDK").
  2. Create an RSA 4K keypair with ssh-keygen -t rsa -b 4096.
  3. Run the server component.
  4. Generate credentials with client new.
  5. Run it as an agent with client agent.

Overview

Server

duo:
  client_id: "xxx"
  client_secret: "xxx"
  api_host: "api-xxx.duosecurity.com"

github:
  token: "xxx"
  orgs: ["ironpeakservices"]

signer:
  private_key_path: "ca"
  expires_seconds: 36000

listener:
  address: "localhost:9999"
  token_secret_hex: "32byteshex"
  tls:
    certificate_path: ""
    key_path: ""

./server -log=debug -config=server.yml

Client

api: "http://localhost:9999"
email: "[email protected]"
socket_path: "/tmp/.shh"
./client -log=debug -config=client.yml agent
Owner
Niels Hofmans
Hello! I'm a cybersecurity freelancer and an open sourcerer from Belgium.
Niels Hofmans
https://github.com/hazcod/github-duo-ssh-ca
Similar Resources

Integrated ssh-agent for windows. (pageant compatible. openSSH ssh-agent etc ..)

Integrated ssh-agent for windows. (pageant compatible. openSSH ssh-agent etc ..)

OmniSSHAgent About The chaotic windows ssh-agent has been integrated into one program. Chaos Map of SSH-Agent on Windows There are several different c

Dec 19, 2022

:recycle: Now you can easily rollback to previous deployed images whatever you want on k8s environment

EasyRollback EasyRollback is aim to easy rollback to previous images that deployed on k8s environment Installation You should have go installation fir

Dec 24, 2022

sleuth checks that you declared a slice with length and you are trying append to the slice.

sleuth sleuth detects when an append is used on a slice with an initial size. Instruction go install github.com/sivchari/sleuth/cmd/sleuth Usage packa

Sep 15, 2021

Open Service Mesh (OSM) is a lightweight, extensible, cloud native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments.

Open Service Mesh (OSM) is a lightweight, extensible, cloud native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microservice environments.

Open Service Mesh (OSM) Open Service Mesh (OSM) is a lightweight, extensible, Cloud Native service mesh that allows users to uniformly manage, secure,

Jan 2, 2023

Snowflake grafana datasource plugin allows Snowflake data to be visually represented in Grafana dashboards.

Snowflake grafana datasource plugin allows Snowflake data to be visually represented in Grafana dashboards.

Snowflake Grafana Data Source With the Snowflake plugin, you can visualize your Snowflake data in Grafana and build awesome chart. Get started with th

Dec 29, 2022

A block parser tool that allows extraction of various data types on DAS

das-database A block parser tool that allows extraction of various data types on DAS (register, edit, sell, transfer, ...) from CKB Prerequisites Ubun

Nov 11, 2022

Custom Terraform provider that allows provisioning VGS Proxy Routes.

VGS Terraform Provider Custom Terraform provider that allows provisioning VGS Proxy Routes. How to Install Requirements: terraform ver 0.12 or later M

Mar 12, 2022

A simple webdev utility program that allows developers to quickly validate and format JSON code

Toolbox CLI A simple webdev utility program that allows developers to quickly validate and format JSON code, convert from UNIX epoch to timestamp and

Jan 4, 2022

Solana Token Registry - a package that allows application to query for list of tokens

Please note: This repository is being rebuilt to accept the new volume of token additions and modifications. PR merges will be delayed. @solana/spl-to

Jan 16, 2022
Related tags
DevOps Tools github agent ssh enterprise ca duo
An experimental Go application that allows an SSH session to interact with the clipboard of the host machine and forward calls to open

Remote Development Manager An experimental Go application that allows an SSH session to interact with the clipboard of the host machine and forward ca

Dec 27, 2022
Trusted Certificate Service for Kubernetes Platform

Trusted Certificate Service (TCS) is a Kubernetes (k8s) service to protect private keys using Intel's SGX technology including support for k8s CSR and cert-manager CR APIs. TCS also contains integration samples for Istio service mesh and Key Management Reference Application (KMRA).

Dec 30, 2022
Jenkins CLI allows you manage your Jenkins as an easy way

Quick start 简体中文 Jenkins CLI Jenkins CLI allows you manage your Jenkins in an easy way. No matter if you're a plugin developer, administrator or just

Jan 4, 2023
Mattermost outline plugin allows you to search your teams documents.
 Mattermost outline plugin allows you to search your teams documents.

mattermost-plugin-outline Mattermost Outline plugin allows you to search your teams documents. Installation In Mattermost 5.16 and later, this plugin

Dec 7, 2022
A tool that allows you to manage Kubernetes manifests for your services in a Git repository

kuberpult Readme for users About Kuberpult is a tool that allows you to manage Kubernetes manifests for your services in a Git repository and manage t

Dec 16, 2022
Fleex allows you to create multiple VPS on cloud providers and use them to distribute your workload.
 Fleex allows you to create multiple VPS on cloud providers and use them to distribute your workload.

Fleex allows you to create multiple VPS on cloud providers and use them to distribute your workload. Run tools like masscan, puredns, ffuf, httpx or a

Dec 31, 2022
Boxygen is a container as code framework that allows you to build container images from code

Boxygen is a container as code framework that allows you to build container images from code, allowing integration of container image builds into other tooling such as servers or CLI tooling.

Dec 13, 2021
A very simple utility that allows you to run the desired command or script as soon as a certain process with a known PID completes correctly or with an error.

go-monkill A very simple utility that allows you to run the desired command or script as soon as a certain process with a known PID completes correctl

Dec 17, 2022
A Docker image that allows you to use Hetzner DNS as a DynDNS Provider

Docker Hetzner DDNS This Docker image will allow you to use the Hetzner DNS Service as a Dynamic DNS Provider (DDNS). How does it work? The Go script

Dec 27, 2022
The Container Storage Interface (CSI) Driver for Fortress Block Storage This driver allows you to use Fortress Block Storage with your container orchestrator

fortress-csi The Container Storage Interface (CSI) Driver for Fortress Block Storage This driver allows you to use Fortress Block Storage with your co

Jan 23, 2022