-
Notifications
You must be signed in to change notification settings - Fork 605
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"ssh setup" feature #32
Comments
May I suggest |
Brainstorming about some basic use-cases. The simplest is: A user with access to two machines wishes to enable machine A to ssh to machine B. So, they would:
Once the wormhole is established, |
+1 for @meejah's suggested syntax/implementation |
We landed PR #57 just now. There are a few items I want to figure out before making a release with this feature:
|
At a meetup tonight, @gtank and his pal Ryan helped me realize that the actual high-level command I want here is basically That command would pass all its arguments to
That would satisfy what I'm describing as the "primary" use case (run as root, create account for somebody else), which could let a lower-level
My friend Sam likes to have each client generate a new pubkey for each host (so the ssh-agent can be used to empower/revoke logins for specific hosts). So I think the high-level I'm still uncertain about how all these commands should be named. I don't want to overpopulate the top-level namespace of the |
I have to say I really don't like this "wormhole adduser" proposal. It seems in violation of a lot of unix-y principles I hold dear, and I would certainly never use such a feature. I really don't think wormhole should get in the business of creating user accounts on systems, or do anything that would require superuser privileges for that matter. I think all an ssh feature should do is just send a specified pubkey, and then receive a pubkey and append it to the authorized_keys file of the user calling it. So something like this would be most intuitive to me:
where you can optionally specify the pubkey file (~/.ssh/id_rsa.pub otherwise), and
where you can optionally specify the authorized_keys file to which the received key is appended (~/.ssh/authorized_keys otherwise). It should probably be smart enough to not double add the same key for the same host. That would very naturally cover the most common use cases in the most intuitive manner. If wormhole did anything beyond this it would be extremely unexpected imho. If you want to add a key to a different user then why not just:
|
As a slight tweak to what @jrollins says above, I'd also thought of being allowed to specify FWIW, I agree that |
This feature is in https://magic-wormhole.readthedocs.io/en/latest/search.html?q=ssh&check_keywords=yes&area=default |
We came up with a neat feature idea at PyCon: using magic-wormhole to set up SSH pubkeys.
The use case is that Alice owns a computer, and wants to give Bob SSH acccess to it. Either Alice is root on the host and she's setting up a new account for Bob, or Alice is a normal user (logged in already) and is trying to add her own pubkey.
Alice runs something like
wormhole add-ssh
, maybe aswormhole add-ssh --user=bob
. Then Bob runswormhole send-ssh
. The add-ssh command generates and displays a wormhole code. The send-ssh command looks in~/.ssh/
, finds your pubkeys, and asks you which one you want to send, then accepts the wormhole code, and sends the pubkey. When add-ssh receives the pubkey, it appends it to~/.ssh/authorized_keys
of the given user account.The text was updated successfully, but these errors were encountered: