SSH login based on keys from composer.
OpenSSH 6.2 introduced the AuthorizedKeysCommand sshd_config option, which
allows the SSH daemon to invoke a command each time a login is attempted, to fetch
keys for the specific username. This is essentially how doorkeeper works: it
fetches keys from the composer service to find out which users should be allowed
to SSH onto this machine.
Note: doorkeeper doesn't support per-user authentication. Every key added to composer is valid, whichever username is used to log in.
Put bin/doorkeeper somewhere (npm -g install might not work well due to
permission issues) and add these two lines to your /etc/ssh/sshd_config:
AuthorizedKeysCommand <path-to-doorkeeper>
AuthorizedKeysCommandUser <user-you-want-doorkeeper-to-run-as>
Example from a nodejitsu server:
AuthorizedKeysCommand /usr/bin/doorkeeper
AuthorizedKeysCommandUser root
doorkeeper needs a config file to know where the composer service is running.
It looks in 3 paths: /etc/doorkeeper, $HOME/.quillconf, /root/.quillconf.
Example config file:
{
  "remoteHost": "127.0.0.1",
  "port": 9003
}
If no port is given, it defaults to 9003.
Please note that doorkeeper's config file format is identical to quill's,
so if you have quill installed and configured, doorkeeper integration is
seamless.