2017-05-18

Embedding SSH Key in SSH URL

SSH keys are considered to be a security feature, but sometimes they make things more complicated than necessary.

Especially in automation contexts we use SSH keys without a pass phrase which degrades the security of the SSH keys to the security level of a plain text password. The only benefit of the SSH keys is the fact that an attacker who gains access to the server won't be able to use the keys found there to login somewhere else. As such SSH keys are still better and more secure than having a regular plain text password.

In automation contexts we sometimes have to handle lots of SSH keys, for example with GitHub Deploy Keys. GitHub mandates to use a different SSH key for every repository to ensure that a leaked private key will not lead to a breach of other repositories.

I recently had to configure a Go Continuous Delivery server and it turned out that it does not support managing SSH keys at all (like Jenkins or TeamCity do). In order to still be able to use GitHub Deploy Keys with Go CD I created  a small SSH wrapper that allows placing the SSH key directly in the git URL like this:

git~LS0tLS1CRUdJTiBP....SDFWENF324DS=@github.com:user/repo.git

(The URL is much longer, depending on the size of your SSH key). The format is

user~key@host

I use the ~ character as separator because git tries to interpret a : in this place. The SSH wrapper is installed for git with the help of the GIT_SSH environment variable like this:
# clone GitHub repo with Deploy Keys
$ GIT_SSH=ssh-url-with-ssh-key git clone git~LS0tLS1CRUdJTiBP....SDFWENF324DS=@github.com:user/repo.git

# connect to remote SSH server
$ ssh-url-with-ssh-key user~LS0tLS1CRUdJTiBP....SDFWENF324DS=@host

# create new SSH key pair
$ ./ssh-url-with-ssh-key --create schlomo test
Append this base64-encoded private key to the username:
~LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUFTZUVqcDRJcFVubGhkTDVEU0VuVkc2aVM0U21Qd3NWR1hNVDhFbDFVZlBvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFbHNRYnZaKzhMLzR3enhYMDlEdGZnZGFTaDVzSFpHUHVUcnVtWXd0UW4yb0txMFVNRmZjaQo4bWFqWWRqclF1YU8vdGN6aCtOWjJ3ZVZiZmY3WE5kQ01RPT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
Public Key:
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJbEG72fvC/+MM8V9PQ7X4HWkoebB2Rj7k67pmMLUJ9qCqtFDBX3IvJmo2HY60Lmjv7XM4fjWdsHlW33+1zXQjE= schlomo test
See the GitHub repo at https://github.com/schlomo/ssh-url-with-ssh-key for the source code.

See also my other SSH related blog articles: