Geofront is a simple SSH key management server. It helps to maintain servers
to SSH, and
authorized_keys list for them. Read the docs for more
- If the team maintains
authorized_keyslist of all servers owned by the team:
- When someone joins or leaves the team, all lists have to be updated.
- Who do update the list?
- If the team maintains shared private keys to SSH servers:
- These keys have to be expired when someone leaves the team.
- There should be a shared storage for the keys. (Dropbox? srsly?)
- Everyone might need to add
-ioption to use team’s own key.
- The above ways are both hard to scale servers. Imagine your team has more than 10 servers.
- Geofront has its own master key. The private key is never shared. The master key is periodically and automatically regened.
- Every server has a simple
authorized_keyslist, which authorizes only the master key.
- Every member registers their own public key to Geofront. The registration can be omitted if the key storage is GitHub, Bitbucket, etc.
- A member requests to SSH a server, then Geofront temporarily
(about 30 seconds, or a minute) adds their public key to
authorized_keysof the requested server.
(Contributions would be appreciated!)
- HTTP API
geofront— Simple SSH key management service
geofront.backends— Backend implementations
geofront.identity— Member identification
geofront.keystore— Public key store
geofront.masterkey— Master key management
geofront.regen— Regen master key
geofront.remote— Remote sets
geofront.server— Key management service
geofront.team— Team authentication
geofront.version— Version data