Feature Request: Add Support for new OPKSSH tool from Cloudflare #521
Comments
They link it in the blog post I included, but here is a direct link to the GitHub repo for the tool: https://github.com/openpubkey/opkssh/
I will have to look at the manpage for that tool first to figure out how such a thing could be done. But it sounds possible in theory.
The tool is very basic at this stage; the best I can do is open a browser window once you get a permission denied with an expired key.
Okay, I think that would be good enough to start! I was looking at their readme and issue board yesterday and it looks like they have some improvements in progress already to expand what it can do. Really excited about this tool.
So I implemented the basic functionality in https://github.com/xpipe-io/xpipe-ptb
Awesome! I'll test it out when I get time.
This is now available in 16.0
Cloudflare just open-sourced opkssh this week, which allows you to generate ephemeral SSH keys using OIDC with an IdP. Here is their blog post about it.
This would be an awesome tool to integrate with xpipe since it would remove the need to store long-lived SSH keys in xpipe's vault for users that configure it. Instead, xpipe would call the opkssh tool, the user would be redirected to the SSO provider they have configured opkssh to use, and then xpipe could use the new SSH keys that were generated for the connections configured to use opkssh. Xpipe should reuse those SSH keys until they expire, and then if the user opens a connection with expired keys, restart the process by calling opkssh again.