Making use of ssh keys for authentication in other applications?

Question

Let's say I want to set up a poor man's authentication scheme for a simple network service.

I don't want to bother with username/password authentication, for simplicity I just want to have a list of public keys in my application and anyone who can prove they are the owner of that key can use my service.

For the purposes of my application it would greatly simplify the authentication process since all my users are on the local network and they all use Unix. Anytime I onboard a new user I can just ask them for their ssh public key.

Is there a simple way to reuse the mechanism involved in ssh public key authentication in a non-ssh application? This is question is intended to be language agnostic.

Answer 1

If you just have a list of users that can use your application and you have no need to see who did what.

You can setup your server so that it listens only on localhost (127.1) rather than 0.0.0.0, and provide a restricted sshd, forwarding the port required to connect to the application

~/.ssh/authorized_keys will provide a list of the authorized keys that can be used.

 ssh -I private_key_file <hostname> -L 3000:localhost:3000

For a basic setup and help with configuring your sshd, check out this answer: https://askubuntu.com/questions/48129/how-to-create-a-restricted-ssh-user-for-port-forwarding

Note: Be warned that if you don't lock it down, any user will have full shell access on your box where the machine is hosted.

Answer 2

A dirty hack from top of my head: could you wrap the application so that it would create an actual SSH tunnel from localhost to your server, and use that for ?