Geofront
Geofront is a simple SSH key management server. It helps you maintain the servers you SSH into and the authorized_keys lists for them. Read the docs for more details.
Situations
- If the team maintains the authorized_keys list of all servers owned by the team:
  - When someone joins or leaves the team, all lists have to be updated.
  - Who updates the list?
- If the team maintains shared private keys to SSH servers:
  - These keys have to be expired when someone leaves the team.
  - There should be a shared storage for the keys. (Dropbox? srsly?)
  - Everyone might need to add the -i option to use the team's own key.
- Both of the above approaches are hard to scale as the number of servers grows. Imagine your team has more than 10 servers.
Idea
- Geofront has its own master key. The private key is never shared. The master key is periodically and automatically regenerated.
- Every server has a simple authorized_keys list, which authorizes only the master key.
- Every member registers their own public key to Geofront. The registration can be omitted if the key storage is GitHub, Bitbucket, etc.
- A member requests to SSH a server, then Geofront temporarily (about 30 seconds, or a minute) adds their public key to authorized_keys of the requested server.
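A minimal model of the scheme above, added here as an illustration and not taken from Geofront's own code: it computes what a server's authorized_keys should hold at a given moment and audits a fetched file for anything else. `ServerKeys`, `audit`, the 60-second window and the sample keys are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

GRANT_SECONDS = 60  # assumption: the page says "about 30 seconds, or a minute"

# Constructed sample keys (not real key material).
MASTER = "ssh-ed25519 CONSTRUCTED-MASTER-KEY geofront-master"
ALICE = "ssh-ed25519 CONSTRUCTED-ALICE-KEY alice@laptop"
STRAY = "ssh-rsa CONSTRUCTED-STRAY-KEY left-by-hand"


@dataclass
class ServerKeys:
    """Hypothetical model of one server's authorized_keys list."""
    master_key: str
    grants: dict = field(default_factory=dict)  # member key -> expiry time

    def authorize(self, member_key, now, ttl=GRANT_SECONDS):
        """Open a short window in which the member's key is accepted."""
        self.grants[member_key] = now + ttl

    def render(self, now):
        """Lines the file should contain at time `now`."""
        # Expired grants are dropped, so only the master key is permanent.
        self.grants = {k: t for k, t in self.grants.items() if t > now}
        return [self.master_key, *self.grants]

    def rotate_master(self, new_master_key):
        """Regenerate: the new master key replaces the old one outright."""
        self.master_key = new_master_key


def audit(file_text, expected_lines):
    """Return key lines present on the server but not expected there."""
    expected = set(expected_lines)
    found = (ln.strip() for ln in file_text.splitlines())
    return [ln for ln in found
            if ln and not ln.startswith("#") and ln not in expected]


def demo():
    server = ServerKeys(MASTER)
    server.authorize(ALICE, now=1000)
    during = server.render(now=1030)   # inside the window
    after = server.render(now=1061)    # window closed
    # Constructed file as fetched from a server after the window closed:
    fetched = "\n".join([MASTER, ALICE, STRAY]) + "\n"
    return during, after, audit(fetched, after)
```

The audit reports both the member key that outlived its window and the key added by hand, which are the two ways a server can drift from the "master key only" state.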
Prerequisites
Author and license
Geofront is written by Hong Minhee, maintained by Spoqa, and licensed under AGPL3 or later. You can find the source code on GitHub:
$ git clone git://github.com/spoqa/geofront.git
Missing features
(Contributions would be appreciated!)
User’s guide
References
- HTTP API
- CLI
- Configuration
- geofront — Simple SSH key management service
- geofront.backends — Backend implementations
- geofront.identity — Member identification
- geofront.keystore — Public key store
- geofront.masterkey — Master key management
- geofront.regen — Regen master key
- geofront.remote — Remote sets
- geofront.server — Key management service
- geofront.team — Team authentication
- geofront.util — Utilities
- geofront.version — Version data