|Stuart Johnson facd86c49b formatting||10 months ago|
|.gitignore||1 year ago|
|Dockerfile||11 months ago|
|README.md||10 months ago|
|entrypoint.sh||1 year ago|
|menu||1 year ago|
|menu_connect||1 year ago|
|server-setup.sh||1 year ago|
|server.list||1 year ago|
|ssh-copy-id.patch||1 year ago|
|ssh_config||1 year ago|
Install the SSH/PGP Agent application See first part of this guide
If you havn't got this project yet:
git clone https://github.com/logicethos/SSH-Ledger-Login.git cd SSH-Ledger-Login.git
Create a server.list file, with your servers like this:
[<user>@]host1[:port] my-server-name1 [<user>@]host2[:port] my-server-name2
docker build -t ledger-ssh .
Now run it. If you need an alternative login name, add that as an argument.
docker run --rm -it --privileged -v /dev/bus/usb:/dev/bus/usb ledger-ssh [user]
Copy & execute server_setup.sh As root:
wget https://raw.githubusercontent.com/logicethos/SSH-Ledger-Login/master/server-setup.sh bash server_setup.sh
useradd -m -s /bin/bash -G keyset,sysadmin <user>
set up a tempory password.
usermod -a -G keyset,sysadmin <user>
keyset Signals to sshd, that password entry is allowable for a new user to upload public key keyonly Signals to sshd, this is a key holder, so no password allowable sysadmin Allow passwordless sudo for system admins
Users added to the group 'keyset', will be required to upload a public key from the Ledger when they connect. After they have done this, they will be automatically removed from 'keyset', and added to 'keyonly' group. No more passwords. Users added to the sysadmin group, will get password-less sudo (i.e full root access).