Geofront is a simple SSH key management server. It helps to maintain servers
to SSH, and authorized_keys
list for them. Read the docs for more
details.
- If the team maintains
authorized_keys
list of all servers owned by the team:- When someone joins or leaves the team, all lists have to be updated.
- Who do update the list?
- If the team maintains shared private keys to SSH servers:
- These keys have to be expired when someone leaves the team.
- There should be a shared storage for the keys. (Dropbox? srsly?)
- Everyone might need to add
-i
option to use team's own key.
- The above ways are both hard to scale servers. Imagine your team has more than 10 servers.
- Geofront has its own master key. The private key is never shared. The master key is periodically and automatically regened.
- Every server has a simple
authorized_keys
list, which authorizes only the master key. - Every member registers their own public key to Geofront. The registration can be omitted if the key storage is GitHub, Bitbucket, etc.
- A member requests to SSH a server, then Geofront temporarily
(about 30 seconds, or a minute) adds their public key to
authorized_keys
of the requested server.
- Linux, BSD, Mac
- Python 3.3+
- Third-party packages (automatically installed together)
- Paramiko 2.0.1+ (which requires cryptography)
- Werkzeug 0.11+
- Flask 0.10.1+
- Flask-Sockets 0.2.1+
- gevent 1.1.2+
- OAuthLib 1.1.1+
- Apache Libcloud 1.1.0+
- singledispatch (only if Python is older than 3.4)
- typing (only if Python is older than 3.5)
- typeguard 2.1.1+
Geofront is written by Hong Minhee, maintained by Spoqa, and licensed under AGPL3 or later. You can find the source code from GitHub:
$ git clone git://github.com/spoqa/geofront.git
(Contributions would be appreciated!)