Publish Design Doc

[mcpherrinm]

I wrote a design doc, which should be published in this repo (minus any proprietary stuff).

[bensallen]

In lieu of a design doc, why include the nodes' public keys in the known_hosts files instead of single @cert-authority entry with the CA's pub key?

[mcpherrinm]

Not all clients support trusting CAs, and not all servers (eg, our networking gear) support serving certificates. Since we have the information anyways, we can just put them in the known_hosts.

There seems to be little harm in doing so, and it provided the lowest-risk path for us (replacing hand-crafted ssh-keyscan'd known_hosts files)

Also, if you've got bash completion set up, you can tab complete hostnames.

[bensallen]

Seems reasonable. Perhaps we should add an option to include the CA pub key in the generated known_hosts, and a separate option to include hosts' pub keys.

In the case of networking gear or other nodes where you can't run sharkey-client, do you manually insert those records into the database currently?

[mcpherrinm]

Yeah, supporting multiple kinds of known_hosts generation (including ca, hosts, or both) was planned in the original design doc (just hasn't been done yet). I'll make sure there's an issue on github tracking that.

Once #12 is done, we could presumably use that to manually add them, or as you said, we can manually inserting them into the database.

We'd like to add an API for a "trusted 3rd party" (eg, our network device management service) to be able to add devices it manages. We'd need some ACLs around what hosts it's allowed to add, though.