Geofront is a simple SSH key management server. It helps to maintain servers to SSH, and authorized_keys list for them.
- If the team maintains authorized_keys list of all servers owned
by the team:
- When someone joins or leaves the team, all lists have to be updated.
- Who do update the list?
- If the team maintains shared private keys to SSH servers:
- These keys have to be expired when someone leaves the team.
- There should be a shared storage for the keys. (Dropbox? srsly?)
- Everyone might need to add -i option to use team’s own key.
- The above ways are both hard to scale servers. Imagine your team have more than 10 servers.
- Geofront has its own master key. The private key is never shared. The master key is periodically and automatically regened.
- Every server has a simple authorized_keys list, which authorizes only the master key.
- Every member registers their own public key to Geofront. The registration can be omitted if the key storage is GitHub, Bitbucket, etc.
- A member requests to SSH a server, then Geofront temporarily (about 30 seconds, or a minute) adds their public key to authorized_keys of the requested server.
(Contributions would be appreciated!)
- HTTP API
- geofront — Simple SSH key management service
- geofront.backends — Backend implementations
- geofront.identity — Member identification
- geofront.keystore — Public key store
- geofront.masterkey — Master key management
- geofront.remote — Remote sets
- geofront.server — Key management service
- geofront.team — Team authentication
- geofront.util — Utilities
- geofront.version — Version data