-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add SSH key verification option #4
Comments
That URL apparently changed to https://vtllf.org/sshweb |
Could do it using the signing method linked, or (easier) provide ssh login to a space with the key that is set to only execute a command that triggers continuance. Provide an |
Yeah I re-read that post and I'm not quite sure how to make that flow work here. |
The signing-based or the login-based flow? Where are you hosted right now? |
indieauth.com runs on three servers that don't share any state between them, so I'd probably run the SSH agent on only a single server (similar to how openid.indieauth.com works). The main server is a linode VPS. I'd be happy to take suggestions on how an expected flow would work with SSH verification. |
So, the login-based on would involve ssh keys set up to only be allowed to run a single command (this is a standard sshd feature of the authorixed_keys file) so I would probably be a command run via such a key that would set something in the DB to mean "yes, approve login" and then the web frontend would just spin until the backend saw that value set (or similar) and then approve login (or timeout after some time) |
http://superuser.com/a/308130
requested by @JerrySievert
The text was updated successfully, but these errors were encountered: