Geofront is a simple SSH key management server. It helps to maintain the servers
to SSH into, and the authorized_keys lists for them. Read the docs for more
- If the team maintains the authorized_keys list of all servers owned by the team:
  - When someone joins or leaves the team, all lists have to be updated.
  - Who updates the list?
- If the team maintains shared private keys to SSH servers:
  - These keys have to be expired when someone leaves the team.
  - There should be a shared storage for the keys. (Dropbox? srsly?)
  - Everyone might need to add the -i option to use the team's own key.
- Both of the above ways are hard to scale with the number of servers. Imagine your team has more than 10 servers.
- Geofront has its own master key. The private key is never shared. The master key is periodically and automatically regenerated.
- Every server has a simple authorized_keys list, which authorizes only the master key.
- Every member registers their own public key to Geofront. The registration can be omitted if the key storage is GitHub, Bitbucket, etc.
- A member requests to SSH a server, then Geofront temporarily (about 30 seconds, or a minute) adds their public key to authorized_keys of the requested server.
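
A minimal model of the temporary-authorization idea above, as an added Python example (not Geofront's own code): the rendered authorized_keys always contains the master key, member keys expire after a TTL, and submitted keys are validated so a registered key cannot carry options or extra lines into the file. The class name, function name and key values are constructed for illustration.

```python
import base64
import binascii

# Constructed sample keys: the blobs are placeholder bytes, not real key material.
MASTER_KEY = "ssh-ed25519 " + base64.b64encode(b"constructed-master-key").decode() + " master"
ALICE_KEY = "ssh-ed25519 " + base64.b64encode(b"constructed-alice-key").decode() + " alice@laptop"


def normalize_public_key(line):
    """Validate one OpenSSH public key line and return '<type> <blob>' only."""
    if "\n" in line or "\r" in line:
        # A multi-line value would add extra entries to authorized_keys.
        raise ValueError("public key must be a single line")
    fields = line.split()
    # The first field must be the key type, so option prefixes such as
    # command="..." are rejected. Only ssh-*/ecdsa-* types are accepted here.
    if len(fields) < 2 or not fields[0].startswith(("ssh-", "ecdsa-")):
        raise ValueError("expected '<key-type> <base64-blob> [comment]'")
    try:
        base64.b64decode(fields[1], validate=True)
    except binascii.Error:
        raise ValueError("key blob is not valid base64")
    return fields[0] + " " + fields[1]  # the free-form comment is dropped


class TemporaryAuthorizer:
    """Hypothetical model: master key is permanent, member keys are short-lived."""

    def __init__(self, master_key, ttl=30):
        self.master_key = normalize_public_key(master_key)
        self.ttl = ttl      # seconds a member key stays authorized
        self.grants = {}    # normalized member key -> expiry timestamp

    def authorize(self, member_key, now):
        """Grant access for ttl seconds; return the new authorized_keys content."""
        self.grants[normalize_public_key(member_key)] = now + self.ttl
        return self.render(now)

    def render(self, now):
        """Drop expired grants and return the authorized_keys content at `now`."""
        self.grants = {k: exp for k, exp in self.grants.items() if exp > now}
        return "\n".join([self.master_key] + sorted(self.grants)) + "\n"


if __name__ == "__main__":
    authorizer = TemporaryAuthorizer(MASTER_KEY, ttl=30)
    print(authorizer.authorize(ALICE_KEY, now=0), end="")  # master + alice
    print(authorizer.render(now=31), end="")               # master only
```
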
- Linux, BSD, Mac
- Python 3.3+
- Third-party packages (automatically installed together)
Author and license
$ git clone git://github.com/spoqa/geofront.git
(Contributions would be appreciated!)