Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/pawelchcki/amyssh
Last synced: about 2 months ago
- Host: GitHub
- URL: https://github.com/pawelchcki/amyssh
- Owner: pawelchcki
- License: bsd-2-clause
- Created: 2013-08-04T11:33:22.000Z (over 11 years ago)
- Default Branch: master
- Last Pushed: 2013-10-22T20:46:05.000Z (about 11 years ago)
- Last Synced: 2024-04-18T04:11:48.156Z (8 months ago)
- Language: Go
- Size: 180 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
AmySSH
============

A daemonizable command line utility to handle distribution of ssh keys.

In short, this 'simple' program does the following:
- using the configured list of host-assigned tags and per-user-account-assigned tags, asks MySQL for all SSH keys assigned to those host.user tag pairs
- combines the received list with locally configured ssh keys
- checks if the current authorized_keys contains all required ssh keys
- if the check fails, it recreates the authorized_keys file
- sleeps for some time

Currently only the MySQL tag source is supported, but other sources are planned.
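
The merge, check and recreate steps listed above, as an added Go example (not AmySSH's own code). The names `mergeKeys`, `hasAll` and `syncOnce` are hypothetical, the key strings are constructed, and the MySQL fetch and the sleep are left to the caller.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// mergeKeys combines fetched and locally configured keys, dropping blanks and duplicates.
func mergeKeys(fetched, local []string) []string {
	seen := map[string]bool{}
	var out []string
	for _, k := range append(append([]string{}, fetched...), local...) {
		if k = strings.TrimSpace(k); k != "" && !seen[k] {
			seen[k] = true
			out = append(out, k)
		}
	}
	return out
}

// hasAll reports whether every required key is already a line of current:
// merging the required keys into the file's lines must add nothing new.
func hasAll(current string, required []string) bool {
	lines := strings.Split(current, "\n")
	return len(mergeKeys(lines, required)) == len(mergeKeys(lines, nil))
}

// syncOnce recreates path only when the containment check fails. The new file
// is written owner-only (0600) beside the target and renamed into place, so
// sshd never reads a half-written authorized_keys.
func syncOnce(path string, required []string) (bool, error) {
	cur, err := os.ReadFile(path)
	if err != nil && !os.IsNotExist(err) {
		return false, err
	}
	if hasAll(string(cur), required) {
		return false, nil
	}
	tmp := filepath.Join(filepath.Dir(path), ".authorized_keys.tmp")
	if err := os.WriteFile(tmp, []byte(strings.Join(required, "\n")+"\n"), 0o600); err != nil {
		return false, err
	}
	return true, os.Rename(tmp, path)
}

func main() {
	// Constructed sample keys; a real run would take them from the tag source and local config.
	keys := mergeKeys([]string{"ssh-ed25519 AAAAconstructed1 alice"}, []string{"ssh-ed25519 AAAAconstructed2 ops"})
	fmt.Println(syncOnce(filepath.Join(os.TempDir(), "amyssh-example-keys"), keys))
}
```

Because the check in this example is containment-only, a key that is no longer required stays in the file until a missing key forces a rewrite; comparing the two key sets for equality would also cover removal.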

Performance
================

Shortcomings:
- Currently each AmySSH instance opens and holds a connection to the db server.
- On each iteration a potentially expensive query is performed (hey, I'm not a DB person)

Somewhat OK:
- AmySSH can detect if an operation is taking longer than 'usual' and increase the wait time between successive SQL operations
- It caches information about file contents so that we don't have to reread the authorized_keys file on every iteration
- SSH key redistribution is not exactly something that needs to be real-time, so iteration intervals of minutes are entirely acceptable

With this it seems that even a shared MySQL server can easily serve thousands of AmySSH clients with minimum intervals of 500ms

TODO
======

- Add 'single shot' option so that AmySSH can be run via cron
- Add signature verification to fetched keys
- Implement dropping the db connection on iterations when the interval is greater than a certain amount
- Write sample config
- Daemon mode so that using old init.d is cleaner

Trivia
========

AmySSH name has dual origin.
1. as a 'portmanteau' of MySQL and SSH. 'a MySSH'
2. similarly to MySQL, it's named after its creator's daughter :)

BTW both pronunciations 'Amish' and Amy-SSH are supported