asemt/sectra

sectra

sectra stands for Secrets Transport. Sensitive information is encrypted and securely transferred by piggybacking on the SSH v2 protocol. It's essentially a funny-behaving SSH server.

Usage:

  • sectra itself needs a host key pair to work. If no SSH key pair exists in sectra/host_key, a new host key pair will be generated automatically by sectra (requires ssh-keygen command to be found in PATH).
    • Warning: The newly created SSH private key will be generated without a passphrase. So please keep it private or, better yet, delete it as soon as it is no longer needed.
Create the user-specific subdirectories:
  • The Up&Running way:
    If the user who should connect to the sectra server has one or more public SSH keys added to his GitHub profile, then the fastest way to use them with sectra is:

          $ ./binaries/osx/fetchghkeys/fetchghkeys <GitHub username>
    

    This will create a new subdirectory ./data/<GitHub username>, which contains the authorized_keys file containing the fetched public SSH keys for the user given by <GitHub username>.
    The last thing to do is to create a file ./data/<GitHub username>/payload and put the actual sensitive data to transport into it. Then the sectra server can be started.

  • The manual way:
    Create a subdirectory under the data directory whose name matches an SSH username that should be allowed to connect to the sectra server. Inside the user-specific subdirectory, the public SSH keys of the user who is allowed to connect have to be placed in a file named authorized_keys, in the same format as used by OpenSSH. A file named payload in the same user-specific subdirectory contains the actual sensitive information that should be transferred (make sure it uses DOS line endings (:set ff=dos in Vim)).

    • Example directory structure:

        .
        ├── data
        │   └── username
        │       ├── authorized_keys
        │       └── payload
        ├── host_key
        │   ├── id_rsa
        │   └── id_rsa.pub
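
The manual setup above, scripted as an added example (not part of sectra itself): it creates the user directory, appends the public key, writes the payload with DOS line endings, and checks the layout before the server is started. The helper names `sectra_add_user` and `sectra_check_user` and the owner-only permissions are assumptions of this example.

```shell
#!/bin/sh
# Added example, not sectra code: helper names and permissions are assumptions.

# sectra_add_user DATA_DIR USERNAME PUBKEY_FILE PAYLOAD_FILE
sectra_add_user() {
    data_dir=$1; user=$2; pubkey=$3; payload=$4
    # The directory name must equal the SSH username; reject anything that
    # is not a plain name so it cannot escape DATA_DIR.
    case $user in
        ''|.*|*[!A-Za-z0-9._-]*) echo "invalid username: $user" >&2; return 1 ;;
    esac
    [ -s "$pubkey" ] || { echo "public key file missing or empty" >&2; return 1; }
    [ -f "$payload" ] || { echo "payload source file missing" >&2; return 1; }
    (
        umask 077   # the payload is sensitive: owner-only directory and files
        mkdir -p "$data_dir/$user" || exit 1
        cat "$pubkey" >> "$data_dir/$user/authorized_keys" || exit 1
        # Normalise to DOS line endings: drop existing CRs, then end each line with CRLF.
        tr -d '\r' < "$payload" | awk '{ printf "%s\r\n", $0 }' > "$data_dir/$user/payload"
    )
}

# sectra_check_user DATA_DIR USERNAME: returns 0 when the layout is complete.
sectra_check_user() {
    dir=$1/$2
    [ -s "$dir/authorized_keys" ] || { echo "$dir: authorized_keys missing" >&2; return 1; }
    [ -s "$dir/payload" ] || { echo "$dir: payload missing" >&2; return 1; }
    # Count lines that do not end in CR; every line must be CRLF-terminated.
    bad=$(awk '!/\r$/ { n++ } END { print n + 0 }' "$dir/payload")
    [ "$bad" -eq 0 ] || { echo "$dir/payload: $bad line(s) lack DOS endings" >&2; return 1; }
}
```

Source the file and run, for instance, `sectra_add_user ./data username ~/.ssh/id_ed25519.pub ./secret.txt` followed by `sectra_check_user ./data username`; the key and secret file paths here are placeholders.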
      

How to run the sectra server (OS X):

	# optional (default port is 3333):
	#export PORT=3456
	# run the sectra server:
	$ ./binaries/osx/sectra

How to connect to the sectra server:

    $ ssh -q username@<sectra-HOST-IP> -p 3333

If nothing gets displayed on the console, run the ssh command with -vvv to see debug messages.

License

Licensed under the MIT License. See the LICENSE file for details.

TODO

  • Tests!

About

sectra transports secrets over SSH
