Data

Tools

Indexes

Applications

Experiments

Open Source Science

conch

https://github.com/isambard-sc/conch

Science Score: 44.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
    Found CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (9.1%) to scientific vocabulary
Last synced: 6 months ago · JSON representation ·

Repository

Basic Info
Statistics
  • Stars: 2
  • Watchers: 3
  • Forks: 2
  • Open Issues: 9
  • Releases: 17
Created over 1 year ago · Last pushed 6 months ago
Metadata Files
Readme Changelog License Citation

README.md

Conch SSH CA

Conch is an SSH CA for use in AIRR sites.

Installation

Conch can be deployed in a few different way, but all require a private SSH signeing key to be created:

sh ssh-keygen -q -t ed25519 -f ssh_signing_key -C '' -N ''

Helm

First, create the SSH signing key and put it in a Secret:

sh kubectl create secret generic conch-signing-key-secret --from-file=key=ssh_signing_key rm ssh_signing_key

then, you can create a values.yaml like:

```yaml

config: issuer: "https://keycloak.example.com/realms/example" platforms: service-one: alias: "s1.example" hostname: "s1.example.com" proxy_jump: "jump.example.com" ```

You should avoid making the alias a resolvable domain name as it will be used in SSH configs and works best if it forms its own namespace.

and install the chart with:

sh helm upgrade conch oci://ghcr.io/isambard-sc/charts/conch --version x.y.z --install --values values.yaml

OCI image

Conch can be deployed as a container using e.g. Podman.

Set up the config file:

```toml signingkeypath = "/signing_key"

issuer = "https://keycloak.example.com/realms/example"

[platforms.service-one] alias = "s1.example" hostname = "s1.example.com" proxy_jump = "jump.example.com" ```

and run the container, pointing it to those two files:

sh podman run \ -v conch.toml:/conch.toml \ -v ssh_signing_key:/signing_key \ -e RUST_LOG=info \ ghcr.io/isambard-sc/conch:0.1.4 --config=/conch.toml

Binary

Conch can be run as a simple binary. They can be downloaded from releases.

Create the config file as above (editing it to point to the local location of the signing key). You can then run it with:

sh env RUST_LOG=info conch --config=conch.toml

OIDC

All the methods above require an OIDC issuer to be specified. Any client communicating with Conch (e.g. Clifton) will need to provide a signed JWT which Conch will validate against the issuer. This means that the issuer that the client uses must match the issuer configured in Conch.

Name

The famous conch in William Golding's Lord of the Flies was, according to his daughter, inspired by a shell in the Bristol Museum of Natural History. Given that this tool is to give access to secure shells, it seemed a fitting reference.

Owner

  • Name: isambard-sc
  • Login: isambard-sc
  • Kind: organization

Citation (CITATION.cff) 

# SPDX-FileCopyrightText: © 2024 Matt Williams <matt.williams@bristol.ac.uk>
# SPDX-License-Identifier: CC0-1.0

cff-version: 1.2.0
title: "Conch"
type: "software"
authors:
  - given-names: "Matt"
    family-names: "Williams"
    orcid: "https://orcid.org/0000-0003-2198-1058"
    affiliation: "University of Bristol"
doi: "10.5281/zenodo.13780936"
repository-code: 'https://github.com/isambard-sc/conch'
license: "MIT"

GitHub Events

Total
  • Create event: 43
  • Release event: 5
  • Issues event: 10
  • Delete event: 39
  • Issue comment event: 38
  • Push event: 49
  • Pull request event: 72
Last Year
  • Create event: 43
  • Release event: 5
  • Issues event: 10
  • Delete event: 39
  • Issue comment event: 38
  • Push event: 49
  • Pull request event: 72

Issues and Pull Requests

Last synced: 6 months ago

All Time
  • Total issues: 2
  • Total pull requests: 24
  • Average time to close issues: about 1 month
  • Average time to close pull requests: 12 days
  • Total issue authors: 1
  • Total pull request authors: 1
  • Average comments per issue: 0.0
  • Average comments per pull request: 0.67
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 24
Past Year
  • Issues: 2
  • Pull requests: 24
  • Average time to close issues: about 1 month
  • Average time to close pull requests: 12 days
  • Issue authors: 1
  • Pull request authors: 1
  • Average comments per issue: 0.0
  • Average comments per pull request: 0.67
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 24
View more stats
Top Authors
Issue Authors
  • milliams (7)
Pull Request Authors
  • dependabot[bot] (54)
  • milliams (3)
Top Labels
Issue Labels
enhancement (3) documentation (1)
Pull Request Labels
dependencies (54) rust (5) documentation (2) enhancement (1)

Dependencies

.github/workflows/build.yml actions
  • Swatinem/rust-cache v2 composite
  • actions/attest-build-provenance v1 composite
  • actions/checkout v4 composite
  • actions/upload-artifact v4 composite
  • dtolnay/rust-toolchain stable composite
  • redhat-actions/podman-login v1 composite
  • redhat-actions/push-to-registry v2 composite
.github/workflows/check.yml actions
  • Swatinem/rust-cache v2 composite
  • actions/checkout v4 composite
  • dtolnay/rust-toolchain v1 composite
.github/workflows/release.yml actions
  • actions/attest-sbom v1 composite
  • actions/checkout v4 composite
  • actions/download-artifact v4 composite
  • actions/upload-artifact v4 composite
  • dtolnay/rust-toolchain stable composite
  • softprops/action-gh-release v2 composite
  • taiki-e/install-action v2 composite
Cargo.lock cargo
  • 283 dependencies
Cargo.toml cargo