charon-key

SSH AuthorizedKeysCommand that fetches SSH public keys from GitHub and merges them with existing authorized_keys files.

Overview

charon-key is a Go application designed to be used as an AuthorizedKeysCommand in SSH daemon configuration. It:

Maps SSH usernames to GitHub usernames (many-to-many mapping)
Fetches SSH public keys from GitHub's public API
Caches keys with configurable TTL to reduce API calls
Merges GitHub keys with existing ~/.ssh/authorized_keys files
Provides graceful fallback to cached keys when GitHub is unreachable

Features

Many-to-many user mapping: Multiple SSH users can map to multiple GitHub users
Caching: Configurable cache with TTL to minimize GitHub API calls
Offline support: Falls back to cached keys when GitHub is unreachable
Cross-platform: Works on macOS and Linux
Nix packaging: Built and distributed via Nix

Installation

Using Nix

nix build

Usage

Basic Usage

charon-key --user-map alice:alice-github,bob:bob-github

With Options

charon-key \
  --user-map alice:alice-github,bob:bob-github \
  --cache-dir /var/cache/charon-key \
  --cache-ttl 10 \
  --log-level debug

SSH Configuration

Add to /etc/ssh/sshd_config:

AuthorizedKeysCommand /path/to/charon-key --user-map <mapping>
AuthorizedKeysCommandUser root

User Mapping Format

The --user-map argument accepts comma-separated pairs in the format sshuser:githubuser:

Single mapping: alice:alice-github
Multiple mappings: alice:alice-github,alice:shared-github,bob:bob-github
Wildcard (all SSH users): *:dgarifullin

When multiple GitHub users are mapped to the same SSH user, their keys are merged.

Options

--user-map <mapping> (required): User mapping in format sshuser:githubuser
--cache-dir <dir> (optional): Cache directory path (default: OS temp directory)
--cache-ttl <minutes> (optional): Cache TTL in minutes (default: 5)
--log-level <level> (optional): Log level: debug|info|warn|error (default: info)
-h, --help: Show help information
-v, --version: Show version information

Development

Prerequisites

Nix with flakes enabled
Go 1.21+ (provided by Nix flake)

Setup

# Enter development environment
nix develop

# Build the application
go build -o bin/charon-key ./cmd/charon-key

# Run tests
go test ./...

License

[Add license information]

Status

🚧 In Development - This project is currently under active development.

Name		Name	Last commit message	Last commit date
Latest commit History 22 Commits
.github/workflows		.github/workflows
cmd/charon-key		cmd/charon-key
internal		internal
.envrc		.envrc
.gitignore		.gitignore
INTEGRATION_EXAMPLES.md		INTEGRATION_EXAMPLES.md
Makefile		Makefile
README.md		README.md
charon-key		charon-key
darwin-module.nix		darwin-module.nix
flake.lock		flake.lock
flake.nix		flake.nix
go.mod		go.mod
module.nix		module.nix

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

charon-key

Overview

Features

Installation

Using Nix

Usage

Basic Usage

With Options

SSH Configuration

User Mapping Format

Options

Development

Prerequisites

Setup

License

Status

About

Uh oh!

Releases 5

Packages

Languages

GDR/charon-key

Folders and files

Latest commit

History

Repository files navigation

charon-key

Overview

Features

Installation

Using Nix

Usage

Basic Usage

With Options

SSH Configuration

User Mapping Format

Options

Development

Prerequisites

Setup

License

Status

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases 5

Packages 0

Languages

Packages