pam-ussh
cashier
pam-ussh | cashier | |
---|---|---|
3 | 3 | |
827 | 689 | |
0.0% | - | |
0.0 | 8.0 | |
about 1 year ago | about 1 month ago | |
Go | Go | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
pam-ussh
-
Sudo rules when using SSH certificates
One solution could be uber-pamussh which allows to reuse the SSH certificate and the given principals as filter for sudo access. Sounds great and works pretty god, but the issue is that the repo is not maintained (or has at least a low activity) which makes me doubt if this is a good solution.
-
Locking Down SSH - The Right Way
Yep. We're using Vault to provide SSH certs, and it works like a dream. For certain servers, we're even using this PAM module to provide passwordless sudo: https://github.com/uber/pam-ussh
-
Why SSH certificates are awesome
Uber’s PAM module
cashier
-
What are SSH Certificate Authority solutions?
In the quick search I learned about ssh cert authority which looks very manual and also like a dead project smallstep's step-ca who put together very nice article about how to begin certificate authority process Netflix' BLESS is AWS only Cashier which also looks quite ok
- Cryptojacking Attacks Continue To Target SSH Servers
-
Why SSH certificates are awesome
2. Cashier
What are some alternatives?
sshrimp - 🦐SSH Certificate Authority in a Lambda (on the barbie)
caddy-ssh - Caddy-SSH is a general-purpose, extensible, modular, memory-safe SSH server built in Go [Moved to: https://github.com/kadeessh/kadeessh]
certificates - 🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
bless - Repository for BLESS, an SSH Certificate Authority that runs as a AWS Lambda function
ssh-cert-authority - An implementation of an SSH certificate authority.
keymaster - Short term certificate based identity system (ssh/x509 ca + openidc)
sharkey - Sharkey is a service for managing certificates for use by OpenSSH
thoughts - Just my public thoughts, think of it like a blog I never update
kadeessh - Kadeessh (formerly Caddy-SSH) is a general-purpose, extensible, modular, memory-safe SSH server built in Go