Skip to content

/ saltfs

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

We need a better story for SSH key rotation #693

Closed
Manishearth opened this issue Jun 7, 2017 · 2 comments
Closed

We need a better story for SSH key rotation #693

Manishearth opened this issue Jun 7, 2017 · 2 comments

Comments

@Manishearth
Copy link
Member

@Manishearth Manishearth commented Jun 7, 2017

Salt only adds keys, and doesn't remove them. We should be able to remove a key from the list here and have it get removed on the server.

I had to rotate a key recently and I had to change salt and also run some sed commands on all machines.

cc @edunham
@aneeshusa
Copy link
Member

@aneeshusa aneeshusa commented Jun 7, 2017

The relevant PR is #692.

There is an ssh_auth.absent state which may be helpful: https://docs.saltstack.com/en/2016.3/ref/states/all/salt.states.ssh_auth.html#salt.states.ssh_auth.absent

I'd prefer to just control the entire contents of the authorized_keys file, but it looks like AWS injects some extra keypairs at the top of the file? Not sure if Macstadium does as well.
@edunham
Copy link
Contributor

@edunham edunham commented Jun 7, 2017

AWS's injection is the servo and servo-reserved-instances keys that we provide them at instance creation time. It would probably be good form to keep those when overwriting the file, but those pubkeys will rarely change so we could just stick them in the pillar.

I believe that Macstadium does not use SSH access to our machines, so we would be OK to overwrite the authorized_keys on every highstate.

So, we should be fine to have Salt manage authorized_keys as a file constructed from the keys in the pillar and rewrite it whenever it wants.
@aneeshusa aneeshusa mentioned this issue Jun 7, 2017
Merged
bors-servo added a commit that referenced this issue Jun 14, 2017
@bors-servo
Auto merge of #694 - aneeshusa:enable-easy-ssh-key-revocation, r=edunham
Loading status checks…
18dd9b1 
Enable easy ssh key revocation

Fully manage the `.ssh/authorized_keys` file for root,
so that keys removed from Salt are also removed from the file.

Note that the AWS (Linux) machines are configured to have two
additional keys in the root `authorized_keys` file,
namely `servo-aws` and `servo-aws-reserved-instances`,
but when used these keys will tell the user to log in as ubuntu,
so they don't provide real access.
Remove these keys as they are not useful.

Add documentation about gaining SSH access and revoking/rotating keys.

Fixes #693.

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/saltfs/694)
<!-- Reviewable:end -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
@edunham @Manishearth @aneeshusa
You can’t perform that action at this time.