# hildeguard

**Repository Path**: mirrors_scireum/hildeguard

## Basic Information

- **Project Name**: hildeguard
- **Description**: Signs public keys (id_rsa.pub) usign a CA certificate to permit ssh access to users authenticated via LDAP (Active Directory)
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2020-09-25
- **Last Updated**: 2026-04-26

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# HildeGUARD
Signs public keys (id_rsa.pub) usign a CA certificate to permit ssh access to
users authenticated via LDAP (Active Directory).

The certificate automatically contains all LDAP groups which start with ssh-
to permit fine grained access control.

# HildeGUARD installation

```bash
mkdir -p /hildeguard/data
cd /hildeguard/data
# setup a SSH CA without a phasephrase (empty)
ssh-keygen -C CA -f ca
cd /hildeguard
touch instance.conf

```

Create a extra user with a password inside your Windows ADFS / LDAP.

Use the created instance.conf within /hildeguard to configure HildeGUARD to use the new credentials:
```
ldap {
    server = "ldap://192.168.0.1"
    ssl = false
    user = "hildeguard-ssh"
    password = "foobar"
    userSuffix = "@example.com"
    searchBase = "dc=example,dc=com"
}
```
 HildeGUARD will create a new SSH host key on the first connect. It is stored within /hildeguard as sshd.key.
 
 HildeGUARD runs inside the Docker container as user ID 2000
 
 ```
 chown -R 2000:2000 /hildeguard
 ```
 
 Start the HildeGUARD docker container:
 
 ```
 docker run -p 2222:2222 -v /hildeguard/data:/home/sirius/data -v /hildeguard/instance.conf:/home/sirius/instance.conf  scireum/hildeguard:1.0.2
 ```


The software is licensed under the MIT license.