Geofront is a simple SSH key management server. It helps to maintain the servers to SSH into, and the authorized_keys lists for them. Read the docs for more details.
- If the team maintains the authorized_keys list of every server owned by the team:
  - When someone joins or leaves the team, all lists have to be updated.
  - Who updates the lists?
- If the team maintains shared private keys to SSH servers:
  - These keys have to be expired when someone leaves the team.
  - There should be a shared storage for the keys. (Dropbox? srsly?)
  - Everyone might need to add the -i option to use the team's own key.
- Both of the above approaches are hard to scale as the number of servers grows. Imagine your team has more than 10 servers.
- Geofront has its own master key. The private key is never shared. The master key is periodically and automatically regenerated.
- Every server has a simple authorized_keys list, which authorizes only the master key.
- Every member registers their own public key to Geofront. The registration can be omitted if the key storage is GitHub, Bitbucket, etc.
- A member requests to SSH a server, then Geofront temporarily (about 30 seconds, or a minute) adds their public key to authorized_keys of the requested server.
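
The temporary authorization in the last step, sketched as an added example (not Geofront's own code). It assumes a local file stands in for the server's authorized_keys and that the caller supplies the clock; the class, the function names and the sample keys are made up for illustration.

```python
import os
import tempfile

# Constructed sample keys (not real key material).
MASTER_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleMasterKeyOnly geofront-master"
MEMBER_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleMemberKeyOnly alice@laptop"


def check_key(line):
    """Accept one bare public-key line: no newlines, no leading options."""
    if "\n" in line or "\r" in line:
        raise ValueError("public key must be a single line")
    if not line.startswith(("ssh-", "ecdsa-")):
        raise ValueError("unexpected key type or leading options")
    return line


def write_atomic(path, content):
    """Swap the file in one rename so sshd never reads a partial list."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as f:  # mkstemp creates the file with mode 0600
        f.write(content)
    os.replace(tmp, path)


class TemporaryAuthorizer:
    """Keeps the master key permanently, member keys only until expiry."""

    def __init__(self, path, master_key, ttl=30):
        self.path, self.master_key, self.ttl = path, check_key(master_key), ttl
        self.grants = {}  # member public key -> expiry time (seconds)

    def authorize(self, member_key, now):
        """Grant access for ttl seconds, starting at the caller's clock."""
        self.grants[check_key(member_key)] = now + self.ttl
        self.sync(now)

    def sync(self, now):
        """Drop expired grants and rewrite the list; call this periodically."""
        self.grants = {k: t for k, t in self.grants.items() if t > now}
        keys = [self.master_key] + sorted(self.grants)
        write_atomic(self.path, "\n".join(keys) + "\n")
        return keys
```

Rejecting multi-line input matters here because each line of authorized_keys is a separate grant, so an unchecked newline in a registered key would add a second, unintended entry.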
- Linux, BSD, Mac
- Python 3.3+
- Third-party packages (automatically installed together)
Geofront is written by Hong Minhee, maintained by Spoqa, and licensed under AGPL3 or later. You can find the source code on GitHub:
$ git clone git://github.com/spoqa/geofront.git
(Contributions would be appreciated!)