Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Limit the users that the proxy will hand out SSH keys for #51

Open
madwort opened this issue Feb 28, 2024 · 1 comment
Open

Limit the users that the proxy will hand out SSH keys for #51

madwort opened this issue Feb 28, 2024 · 1 comment

Comments

@madwort
Copy link
Contributor

madwort commented Feb 28, 2024

I'm not sure how easy this would be (or worthwhile), but was wondering whether we should allowlist the Github usernames that we hand out SSH keys for via this proxy - this would add an extra layer of safeguarding in case of incorrect usernames.
@madwort
Copy link
Contributor Author

madwort commented Feb 28, 2024

not a great place to do this, as I think it would be difficult to verify whether the github username is currently a member of the relevant github org (which is potentially the best way to verify whether they currently have access) - but a longer list might help to cut down the possibilities & add to defence in depth.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@madwort