An easier, more secure approach, would be authviassh://authviassh@auth.server/or... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		asojfdowgh on Feb 27, 2022 \| parent \| context \| favorite \| on: Login with a Public Ed25519 Key An easier, more secure approach, would be `authviassh://authviassh@auth.server/origin.domain/nonce` parsed restrictively `authviassh:\/\/authviassh@(${domain_regex})/(${domain_regex})/([0-9a-zA-Z]+)` prompting the user: `"Would you like to log into origin.domain (via auth.server) using ~/.ssh/your_key?"` and then finally running `ssh "authviassh@auth.server" -- authviassh "origin.domain" "nonce"` with the appropriate additional flags to turn off forwarding et al Only problem is, only 1 language has decent bindings for ssh interactives server-side, so one is somewhat forced to learn Go to implement this easily

pxx on Feb 27, 2022 [–]

This seems similar in concept to https://github.com/michft/ssh-mars or https://github.com/wes1138/webauth-via-ssh but you could imagine that the person running the SSH server doesn't necessarily need to be the person running the website.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact