Need a way to de-authenticate people from a given Tessel

[Frijol]

Currently we have tessel provision to authenticate, but there's no way to see who is authenticated or remove them.

[johnnyman727]

How about a --remove flag for the authorize command? I think that's better than a whole new command because I think it won't be used all that often.

[Frijol]

and --list. That makes sense

[johnnyman727]

I'm not sure if we can actually show who is authenticated beyond just printing out a key. What did you have in mind @Frijol ?

[Frijol]

not sure. ssh-keygen appends an email, doesn't it?

[nplus11]

Yes, it would be able to display the email/name at the end of the key. This might be too revealing, but it would show the various devices. Keep in mind those ending emails can also be things like johndoe@Johns-MacBook.local

[johnnyman727]

That sounds good to me. @Frijol is this addition ready to be moved over to the provision issue?

[Frijol]

What is the interplay between this and the new tessel key command?

[johnnyman727]

tessel provision --remove would internally call the same function as tessel key delete.

[Frijol]

Sounds good. To fully spec this, we should have an example of the features: --list and --remove

[kevinmehall]

No, it's not the same as tessel key delete as specified in #99 -- key delete would remove the keypair locally (why?), while provision --remove would remove the public key from a device. We should also consider the case of removing someone else's key, rather than your own.

[johnnyman727]

No, it's not the same as tessel key delete as specified in #99 -- key delete would remove the keypair locally (why?), while provision --remove would remove the public key from a device.

Yeah, my mistake - @kevinmehall's right.

We should also consider the case of removing someone else's key, rather than your own.

For this case, we can make the API remove your key by default or allow a --email flag for the user you would like to deauthenticate.

[johnnyman727]

I added this as a to-do item in #64.