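#!/usr/bin/env bash
# Wrapper for sshd's AuthorizedKeysCommand. shithubd ssh-authkeys
# needs SHITHUB_DATABASE_URL to look up the offered fingerprint, but
# sshd does not source EnvironmentFile= for AKC commands. Source
# /etc/shithub/web.env then exec shithubd.
#
# Arguments: $1 - value passed by sshd and forwarded unchanged to
#                 `shithubd ssh-authkeys` (the offered key fingerprint).
# Outputs:   whatever shithubd prints on stdout; sshd reads it as
#            authorized_keys lines.
#
# Runs as the AuthorizedKeysCommandUser configured in sshd_config
# (currently `shithub`, the same user that owns web.env). Fail-closed:
# any error (config missing, shithubd missing, etc.) returns nothing
# to sshd, which means "deny" — better than a stack trace leaking.
#
# Trust boundary: web.env is executed here as shell code, not parsed as
# KEY=VALUE data, and stdout of this process is what sshd treats as the
# list of accepted keys. Write access to web.env is therefore equivalent
# to control over SSH key authorization.
# NOTE(review): web.env is owned by the AKC user; if the web service runs
# as that same user, a compromise of the web service reaches this file —
# confirm the ownership/mode is intended (e.g. root-owned, read-only for
# `shithub`).
# NOTE(review): sshd_config(5) requires the AuthorizedKeysCommand program
# to be owned by root and not writable by group or others — confirm the
# installed copy of this wrapper meets that.

# Abort on the first failing command so a broken setup yields no key lines.
set -e

# Refuse to run without the lookup argument instead of handing shithubd an
# empty string. Non-zero exit with empty stdout is a deny for sshd.
if [[ -z "${1-}" ]]; then
  printf '%s: missing fingerprint argument\n' "${0##*/}" >&2
  exit 1
fi

# set -a exports every variable assigned while sourcing, so shithubd
# inherits the whole of web.env, not only SHITHUB_DATABASE_URL.
# NOTE(review): if shithubd ssh-authkeys needs only the database URL,
# consider exporting just that variable.
set -a
# stdout is discarded while sourcing: anything web.env prints (a stray
# command, an unquoted value that the shell runs as a command) must not
# reach sshd, which would parse it as authorized_keys entries.
. /etc/shithub/web.env >/dev/null
set +a

# exec replaces this shell, so shithubd's stdout and exit status are what
# sshd sees. If exec fails, the script exits non-zero with no output.
exec /usr/local/bin/shithubd ssh-authkeys "$1"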