Private rule feed authentication

Sublime uses SSH to authenticate to private rule feeds.

📘

SSH URL Required

When adding a rule feed using SSH authentication to Sublime, you must use the SSH URL for the repository.

✅ git@github.com:sublime-security/sublime-rules.git

❌ https://github.com/sublime-security/sublime-rules.git

Adding an SSH key

When creating an SSH key, do not set a passphrase on it, since Sublime has no way to enter the passphrase. Don't worry though, the key is still encrypted in transit and at rest!

GitHub

  1. Generate a new SSH key
  2. Add the new SSH key to either your GitHub account or as a deploy key for the private repository containing your feed

GitLab

  1. Generate a new SSH key
  2. Add the SSH key to your GitLab account

Known host public key

When adding a private feed to Sublime, you can optionally provide a known host public key as extra protection against configuration errors and man-in-the-middle attacks. An SSH connection will fail if the public keys don't match.

Use ssh-keyscan to look up the public key for your Git server. For example, ssh-keyscan github.com will provide GitHub's current public key of:

ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
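
ssh-keyscan accepts whatever key the answering server presents, so check the result against the fingerprints your Git host publishes before pinning it. The Python below is an added example, not Sublime's code: it parses the key line quoted above, derives its SHA256 fingerprint, and performs the exact-match comparison that a pinned known host key implies. The function names are illustrative assumptions.

```python
import base64
import hashlib
import hmac
import struct

# Host key quoted on this page (ssh-keyscan output without the hostname column).
PINNED = (
    "ecdsa-sha2-nistp256 "
    "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7"
    "opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg="
)

def parse_key(line):
    """Return (key_type, blob) from 'type base64' or 'host type base64 [comment]'."""
    fields = line.split()
    for key_type, b64 in zip(fields, fields[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue  # this field is not base64, so it is not the key column
        if len(blob) < 4:
            continue
        # SSH wire format: uint32 length, then the key type string.
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] == key_type.encode():
            return key_type, blob
    raise ValueError("no valid SSH public key in line")

def fingerprint(blob):
    """SHA256 fingerprint in the form printed by ssh-keygen -l."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(scanned_line, pinned_line=PINNED):
    """True only if the scanned key is byte-for-byte the pinned key."""
    _, scanned = parse_key(scanned_line)
    _, pinned = parse_key(pinned_line)
    return hmac.compare_digest(scanned, pinned)

if __name__ == "__main__":
    key_type, blob = parse_key(PINNED)
    # Compare this value with the fingerprint list your Git host publishes.
    print(key_type, fingerprint(blob))
    # Constructed input: a scan line in ssh-keyscan's 'host type key' layout.
    print(host_key_matches("github.com " + PINNED))
```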