The SSH/SFTP gateway uses GitHub-based authentication and authorization. Users are managed through GitHub collaborator permissions and SSH keys.
- User connects with their GitHub SSH key
- System validates the key against GitHub
- Checks user's repository permissions
- Grants appropriate access level based on GitHub roles
See Environment Variables for required GitHub configuration.
Access levels are determined by GitHub repository roles:
- admin: Full access to all features
- maintain: Access to development resources
- write: Limited access to development resources
The system automatically:
- Syncs with GitHub collaborator SSH keys
- Updates authorized_keys files
- Handles key rotation
- Manages access permissions
```bash
# Sync GitHub keys
node controller.keys.js sync
# List authorized keys
node controller.keys.js list
# View key directory
ls -la /etc/ssh/authorized_keys.d/
```
Users are automatically created and managed through GitHub integration:
- When a collaborator is added to the repository:
  - System detects their GitHub role
  - Creates necessary system user
  - Syncs their SSH keys
- User permissions are managed by:
  - GitHub repository roles
  - `ALLOW_SSH_ACCESS_ROLES` setting
  - Automatic key synchronization
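The following is an added example, not the project's `controller.keys.js`: it sketches how one sync pass can apply the role filter, reject key lines that carry `authorized_keys` options, and revoke users who no longer qualify. It assumes `ALLOW_SSH_ACCESS_ROLES` is a comma-separated list and that roles and keys were already fetched from GitHub; `planSync`, `cleanKey`, `parseRoles` and the sample data are hypothetical.

```javascript
// Added example: plan an authorized_keys sync from GitHub collaborator data.
// Assumptions: ALLOW_SSH_ACCESS_ROLES is comma-separated; all names here are
// hypothetical and do not come from controller.keys.js.
const KEY_TYPES = new Set([
  'ssh-ed25519', 'ssh-rsa',
  'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', 'ecdsa-sha2-nistp521',
  'sk-ssh-ed25519@openssh.com', 'sk-ecdsa-sha2-nistp256@openssh.com',
]);

// Keep only "<type> <base64>" (comment dropped) so fetched text cannot add
// authorized_keys options (command=, from=, ...) or extra lines to the file.
function cleanKey(line) {
  const m = /^(\S+) ([A-Za-z0-9+/]+={0,3})(?: .*)?$/.exec(String(line).trim());
  return m && KEY_TYPES.has(m[1]) ? `${m[1]} ${m[2]}` : null;
}

function parseRoles(setting) {
  return new Set(String(setting || '').split(',')
    .map((r) => r.trim().toLowerCase()).filter(Boolean));
}

// collaborators: [{ login, role, keys: [string] }]
// existingUsers: logins that currently have a key file on the gateway
function planSync(collaborators, existingUsers, rolesSetting) {
  const allowed = parseRoles(rolesSetting);
  const plan = { write: Object.create(null), revoke: [], rejected: [] };
  for (const c of collaborators) {
    // The login pattern also keeps path separators out of the file name.
    if (!allowed.has(c.role) || !/^[a-z\d][a-z\d-]{0,38}$/i.test(c.login)) continue;
    const keys = [];
    for (const raw of c.keys) {
      const k = cleanKey(raw);
      if (k) keys.push(k); else plan.rejected.push({ login: c.login, raw });
    }
    if (keys.length) plan.write[c.login] = keys.join('\n') + '\n';
  }
  // A key file with no entry in the new plan is revoked: removed
  // collaborators, downgraded roles, or users with no valid key left.
  plan.revoke = existingUsers.filter((u) => !(u in plan.write)).sort();
  return plan;
}

// Constructed sample data (not real users or keys).
const SAMPLE = [
  { login: 'alice', role: 'admin', keys: ['ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyA'] },
  { login: 'bob', role: 'read', keys: ['ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyB'] },
  { login: 'carol', role: 'write', keys: ['command="/bin/sh" ssh-rsa AAAAB3Nza', 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQAB'] },
];
const SAMPLE_PLAN = planSync(SAMPLE, ['alice', 'bob', 'dave'], 'admin, maintain, write');
```

In `SAMPLE_PLAN`, `bob` and `dave` land in `revoke`, and carol's `command=` line is listed in `rejected` while her plain key is kept.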
```
/home/[username]/
├── .ssh/
│   └── authorized_keys  # Auto-updated from GitHub
└── .config/
    └── ssh/
        └── config       # System-managed
```
- Keys are stored in `/etc/ssh/authorized_keys.d/`
- Proper permissions (600) are enforced
- Regular key rotation is recommended
- No password authentication allowed
- SSH key-based authentication only
- Role-based access tied to GitHub permissions
- Regular permission audits recommended
- "Permission denied (publickey)"
  - Check GitHub SSH key setup
  - Verify repository permissions
  - Ensure key sync is working
- "Access denied"
  - Check GitHub role permissions
  - Verify `ALLOW_SSH_ACCESS_ROLES` setting
  - Check user exists in system
```bash
# View SSH logs
tail -f /var/log/sshd.log
# View key sync service logs
worker service logs rabbit-ssh-server
```