sb

A CLI for generating SSH Certificates via Sign-in with Slack.

SSH Certificates are easier to manage than SSH keys primarily because Certificates can expire automatically. This expiration means access to Sparkbox Slack is required to get SSH access to our various servers which strikes a good balance between security and maintenance overhead.

Installation

macOS

1. brew tap sparkbox/brew
2. brew install sparkbox/brew/sb

Linux

1. Download sb from the latest release
2. Unzip the file
3. Move the sb binary to a location your $PATH understands: e.g. mv sb /usr/local/bin/sb
4. Start a fresh shell instance (new Terminal window)

How to use

1. Login by running sb login. This should launch a Sign-in with Slack prompt in your browser. Paste the resultant ID and token back to sb.
2. Run sb ssh to generate a new, time limited SSH certificate.
3. Run ssh-add -l to verify your local ssh-agent has the cert by locating the ECDSA-CERT entry.
4. You can now SSH to any host that is configured to trust the Certificate Authority.

How it works

Helpful Notes

• If you are using an Intel based machine, use the AMD64 file.
• If you are using an M1 MacBook, use the AMR64 file.