Geofront is a simple SSH key management server. It helps to maintain the servers a team connects to over SSH, and the authorized_keys list for each of them. Read the docs for more
- If the team maintains the authorized_keys list of all servers owned by the team:
  - When someone joins or leaves the team, all lists have to be updated.
  - Who updates the list?
- If the team maintains shared private keys to SSH servers:
  - These keys have to be expired when someone leaves the team.
  - There should be a shared storage for the keys. (Dropbox? srsly?)
  - Everyone might need to add the -i option to use the team’s own key.
- Both of the above approaches are hard to scale as the number of servers grows. Imagine your team has more than 10 servers.
- Geofront has its own master key. The private key is never shared. The master key is periodically and automatically regenerated.
- Every server has a simple authorized_keys list, which authorizes only the master key.
- Every member registers their own public key to Geofront. The registration can be omitted if the key storage is GitHub, Bitbucket, etc.
- A member requests to SSH a server, then Geofront temporarily (about 30 seconds, or a minute) adds their public key to authorized_keys of the requested server.
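The model above implies a check an operator can run on any server: authorized_keys should hold the master key plus, at most, member keys whose short lease is still live. The following is an added example, not Geofront's own code; the function names, the leases table and the sample keys (constructed placeholders, not real keys) are assumptions made for illustration.

```python
import base64
import hashlib

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256")

def parse_entry(line):
    """Return (key_type, blob) from one authorized_keys line, else None.
    Heuristic: the first field naming a key type starts the key, so leading
    options are skipped. An option value holding a bare key-type word would
    confuse it."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            return field, fields[i + 1]
    return None

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a base64 key blob."""
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def render(master_line, leases, now):
    """authorized_keys content: the master key plus leases not yet expired."""
    live = [line for line, expires in leases.items() if expires > now]
    return "\n".join([master_line] + sorted(live)) + "\n"

def audit(text, master_line, leases, now):
    """Fingerprints of keys in text that are neither master nor a live lease."""
    allowed = {parse_entry(master_line)}
    allowed |= {parse_entry(l) for l, exp in leases.items() if exp > now}
    found = [parse_entry(l) for l in text.splitlines()]
    return [fingerprint(e[1]) for e in found if e and e not in allowed]

def sample_key(label, comment):
    """Constructed placeholder entry; the blob is not a real public key."""
    return "ssh-ed25519 %s %s" % (base64.b64encode(label).decode(), comment)

MASTER = sample_key(b"constructed-master", "geofront-master")
ALICE = sample_key(b"constructed-alice", "alice@laptop")
leases = {ALICE: 1000 + 60}  # assumed: granted at t=1000 for one minute

if __name__ == "__main__":
    on_disk = render(MASTER, leases, now=1030)      # file while the lease is live
    print(audit(on_disk, MASTER, leases, now=1030))  # nothing unexpected
    print(audit(on_disk, MASTER, leases, now=1061))  # same file, lease expired
```

A member key that outlives its lease shows up in the second audit; that is the condition worth alerting on.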
- Linux, BSD, Mac
- Python 3.3+
- Third-party packages (automatically installed together)
(Contributions would be appreciated!)
- How to contribute
- Geofront Changelog
- HTTP API
- geofront — Simple SSH key management service
  - geofront.backends — Backend implementations
    - geofront.backends.bitbucket — Bitbucket Cloud team
    - geofront.backends.cloud — Libcloud-backed implementations
    - geofront.backends.dbapi — Key store using DB-API 2.0
    - geofront.backends.github — GitHub organization and key store
    - geofront.backends.oauth — Team backend bases for OAuth
    - geofront.backends.stash — Bitbucket Server team and key store
  - geofront.identity — Member identification
  - geofront.keystore — Public key store
  - geofront.masterkey — Master key management
  - geofront.regen — Regen master key
  - geofront.remote — Remote sets
  - geofront.server — Key management service
  - geofront.team — Team authentication
  - geofront.version — Version data