Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/geofront-auth/geofront
Simple SSH key management service
https://github.com/geofront-auth/geofront
geofront python ssh ssh-key
Last synced: 3 months ago
JSON representation
Simple SSH key management service
- Host: GitHub
- URL: https://github.com/geofront-auth/geofront
- Owner: geofront-auth
- License: agpl-3.0
- Created: 2014-03-30T14:34:46.000Z (over 10 years ago)
- Default Branch: master
- Last Pushed: 2019-03-13T12:11:04.000Z (over 5 years ago)
- Last Synced: 2024-05-19T07:39:41.214Z (6 months ago)
- Topics: geofront, python, ssh, ssh-key
- Language: Python
- Homepage: https://geofront.readthedocs.io/
- Size: 430 KB
- Stars: 345
- Watchers: 42
- Forks: 38
- Open Issues: 11
-
Metadata Files:
- Readme: README.rst
- Contributing: CONTRIBUTING.rst
- License: LICENSE
Awesome Lists containing this project
README
Geofront
========.. image:: https://badges.gitter.im/spoqa/geofront.svg
:alt: Join the chat at https://gitter.im/spoqa/geofront
:target: https://gitter.im/spoqa/geofront?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge.. image:: https://badge.fury.io/py/Geofront.svg?
:target: https://pypi.python.org/pypi/Geofront
:alt: Latest PyPI version.. image:: https://readthedocs.org/projects/geofront/badge/
:target: https://geofront.readthedocs.io/
:alt: Read the Docs.. image:: https://travis-ci.org/spoqa/geofront.svg?branch=master
:target: https://travis-ci.org/spoqa/geofront.. image:: https://codecov.io/gh/spoqa/geofront/branch/master/graph/badge.svg
:target: https://codecov.io/gh/spoqa/geofrontGeofront is a simple SSH key management server. It helps to maintain servers
to SSH, and ``authorized_keys`` list for them. `Read the docs`__ for more
details.__ https://geofront.readthedocs.io/
Situations
----------- If the team maintains ``authorized_keys`` list of all servers owned
by the team:- When someone joins or leaves the team, all lists have to be updated.
- *Who* do update the list?- If the team maintains shared private keys to SSH servers:
- These keys have to be expired when someone leaves the team.
- There should be a shared storage for the keys. (Dropbox? srsly?)
- Everyone might need to add ``-i`` option to use team's own key.- The above ways are both hard to scale servers. Imagine your team
has more than 10 servers.Idea
----1. Geofront has its own *master key*. The private key is never shared.
The master key is periodically and automatically regened.
2. Every server has a simple ``authorized_keys`` list, which authorizes
only the master key.
3. Every member registers their own public key to Geofront.
The registration can be omitted if the key storage is GitHub, Bitbucket,
etc.
4. A member requests to SSH a server, then Geofront *temporarily*
(about 30 seconds, or a minute) adds their public key to ``authorized_keys``
of the requested server.Prerequisites
-------------- Linux, BSD, Mac
- Python 3.3+
- Third-party packages (automatically installed together)- Paramiko_ 2.0.1+ (which requires cryptography_)
- Werkzeug_ 0.11+
- Flask_ 0.10.1+
- Flask-Sockets_ 0.2.1+
- gevent_ 1.1.2+
- OAuthLib_ 1.1.1+
- Apache Libcloud_ 1.1.0+
- singledispatch_ (only if Python is older than 3.4)
- typing_ (only if Python is older than 3.5)
- typeguard_ 2.1.1+.. _Paramiko: http://www.paramiko.org/
.. _cryptography: https://cryptography.io/
.. _Werkzeug: http://werkzeug.pocoo.org/
.. _Flask: http://flask.pocoo.org/
.. _Flask-Sockets: https://github.com/kennethreitz/flask-sockets
.. _gevent: http://www.gevent.org/
.. _OAuthLib: https://github.com/idan/oauthlib
.. _Libcloud: http://libcloud.apache.org/
.. _singledispatch: https://pypi.python.org/pypi/singledispatch
.. _typing: https://pypi.python.org/pypi/typing
.. _typeguard: https://github.com/agronholm/typeguardAuthor and license
------------------Geofront is written by `Hong Minhee`__, maintained by Spoqa_, and licensed
under AGPL3_ or later. You can find the source code from GitHub__:.. code-block:: console
$ git clone git://github.com/spoqa/geofront.git
__ https://hongminhee.org/
.. _Spoqa: http://www.spoqa.com/
.. _AGPL3: http://www.gnu.org/licenses/agpl-3.0.html
__ https://github.com/spoqa/geofrontMissing features
----------------- Google Apps backend [`#3`_]
- Fabric_ integration
- PuTTY_ integration(Contributions would be appreciated!)
.. _Fabric: http://www.fabfile.org/
.. _PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/
.. _#3: https://github.com/spoqa/geofront/issues/3