Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/geofront-auth/geofront

Simple SSH key management service
https://github.com/geofront-auth/geofront

geofront python ssh ssh-key

Last synced: 3 months ago
JSON representation

Simple SSH key management service

Host: GitHub
URL: https://github.com/geofront-auth/geofront
Owner: geofront-auth
License: agpl-3.0
Created: 2014-03-30T14:34:46.000Z (over 10 years ago)
Default Branch: master
Last Pushed: 2019-03-13T12:11:04.000Z (over 5 years ago)
Last Synced: 2024-05-19T07:39:41.214Z (6 months ago)
Topics: geofront, python, ssh, ssh-key
Language: Python
Homepage: https://geofront.readthedocs.io/
Size: 430 KB
Stars: 345
Watchers: 42
Forks: 38
Open Issues: 11
Metadata Files:
- Readme: README.rst
- Contributing: CONTRIBUTING.rst
- License: LICENSE

Awesome Lists containing this project

README

        Geofront

========

.. image:: https://badges.gitter.im/spoqa/geofront.svg

   :alt: Join the chat at https://gitter.im/spoqa/geofront

   :target: https://gitter.im/spoqa/geofront?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge

.. image:: https://badge.fury.io/py/Geofront.svg?

   :target: https://pypi.python.org/pypi/Geofront

   :alt: Latest PyPI version

.. image:: https://readthedocs.org/projects/geofront/badge/

   :target: https://geofront.readthedocs.io/

   :alt: Read the Docs

.. image:: https://travis-ci.org/spoqa/geofront.svg?branch=master

   :target: https://travis-ci.org/spoqa/geofront

.. image:: https://codecov.io/gh/spoqa/geofront/branch/master/graph/badge.svg

   :target: https://codecov.io/gh/spoqa/geofront

Geofront is a simple SSH key management server.  It helps to maintain servers

to SSH, and ``authorized_keys`` list for them.  `Read the docs`__ for more

details.

__ https://geofront.readthedocs.io/

Situations

----------

- If the team maintains ``authorized_keys`` list of all servers owned

  by the team:

  - When someone joins or leaves the team, all lists have to be updated.

  - *Who* do update the list?

- If the team maintains shared private keys to SSH servers:

  - These keys have to be expired when someone leaves the team.

  - There should be a shared storage for the keys.  (Dropbox?  srsly?)

  - Everyone might need to add ``-i`` option to use team's own key.

- The above ways are both hard to scale servers.  Imagine your team

  has more than 10 servers.

Idea

----

1. Geofront has its own *master key*.  The private key is never shared.

   The master key is periodically and automatically regened.

2. Every server has a simple ``authorized_keys`` list, which authorizes

   only the master key.

3. Every member registers their own public key to Geofront.

   The registration can be omitted if the key storage is GitHub, Bitbucket,

   etc.

4. A member requests to SSH a server, then Geofront *temporarily*

   (about 30 seconds, or a minute) adds their public key to ``authorized_keys``

   of the requested server.

Prerequisites

-------------

- Linux, BSD, Mac

- Python 3.3+

- Third-party packages (automatically installed together)

  - Paramiko_ 2.0.1+ (which requires cryptography_)

  - Werkzeug_ 0.11+

  - Flask_ 0.10.1+

  - Flask-Sockets_ 0.2.1+

  - gevent_ 1.1.2+

  - OAuthLib_ 1.1.1+

  - Apache Libcloud_ 1.1.0+

  - singledispatch_ (only if Python is older than 3.4)

  - typing_ (only if Python is older than 3.5)

  - typeguard_ 2.1.1+

.. _Paramiko: http://www.paramiko.org/

.. _cryptography: https://cryptography.io/

.. _Werkzeug: http://werkzeug.pocoo.org/

.. _Flask: http://flask.pocoo.org/

.. _Flask-Sockets: https://github.com/kennethreitz/flask-sockets

.. _gevent: http://www.gevent.org/

.. _OAuthLib: https://github.com/idan/oauthlib

.. _Libcloud: http://libcloud.apache.org/

.. _singledispatch: https://pypi.python.org/pypi/singledispatch

.. _typing: https://pypi.python.org/pypi/typing

.. _typeguard: https://github.com/agronholm/typeguard

Author and license

------------------

Geofront is written by `Hong Minhee`__, maintained by Spoqa_, and licensed

under AGPL3_ or later.  You can find the source code from GitHub__:

.. code-block:: console

   $ git clone git://github.com/spoqa/geofront.git

__ https://hongminhee.org/

.. _Spoqa: http://www.spoqa.com/

.. _AGPL3: http://www.gnu.org/licenses/agpl-3.0.html

__ https://github.com/spoqa/geofront

Missing features

----------------

- Google Apps backend [`#3`_]

- Fabric_ integration

- PuTTY_ integration

(Contributions would be appreciated!)

.. _Fabric: http://www.fabfile.org/

.. _PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/

.. _#3: https://github.com/spoqa/geofront/issues/3