Easy SSH public key distribution
Being in touch with unixoid servers I quite know my way around SSH. It’s as important as your daily dose of water to be able to authenticate to servers via the SSH protocol.
However, a SSH-environment isn’t known to be easy when it comes to maintenance. And being a security protocol, that’s quite a pity.
A nice way of authenticating users is the use of a public/private key-pairs either using RSA- or DSA-encryption (with DSA being the better one). And using password-protected SSH-Keys easily enables you to use 2-factor-authentication.
All public keys of users granted to log on as a specific user on a specific host are inside a file called „authorized_keys“ in the directory „.ssh“ under the user’s home-directory.
If you only have some hosts and some users it’s easy to maintain such environment by manually keeping track which users have access to which users on which systems.
However, if you have to manage a park of 300 systems and varying users, that is quite a task.
As I wasn’t able to find a decent, working tool to manage such environment, I wrote my own and dug out my [[http://www.djangoproject.com|Django-knowledge]] from ages ago. I found Django quite nice for that task, as it is really quite powerful and easy handling easy database tasks (which is most of the work needed for such management application). For the UI I used the [[http://html5boilerplate.com|HTML5Boilerplate-template]] and some handcrafted css.
The application is called **skd** (simple key distribution) and is available on it’s [[http://dploeger.github.com/skd/|Github-Page]]. It’s not completed right now and in Alpha-stage. But you can try it on development servers to get an overview. And you can watch the project on github to be notified, when a first version is released.
**skd** organizes hosts and users with keys in groups and binds a hostgroup to a usergroup to grant access to all users in the usergroup to all hosts in the hostgroup.
Thus you could create a usergroup called „DMZ-administrators“ and a hostgroup called „DMZ-hosts“, put all DMZ-Administrators and -hosts into the groups and bind them together to quickly distribute all keys to these hosts.
And if you remove one user from a group and reapply the key is removed from all hosts in just one click.
There are still some things to do. So if you know Django and python, I’m happy to accept some pull requests.
Calendar
| M | D | M | D | F | S | S |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | |||
| 5 | 6 | 7 | 8 | 9 | 10 | 11 |
| 12 | 13 | 14 | 15 | 16 | 17 | 18 |
| 19 | 20 | 21 | 22 | 23 | 24 | 25 |
| 26 | 27 | 28 | 29 | 30 | 31 | |
Archive
- Januar 2024
- Dezember 2023
- April 2021
- März 2021
- September 2020
- Dezember 2019
- November 2019
- Oktober 2019
- Juli 2019
- Juni 2019
- Mai 2019
- April 2019
- März 2019
- September 2018
- August 2018
- Juli 2018
- März 2018
- Januar 2018
- Dezember 2017
- September 2017
- März 2017
- Februar 2017
- Januar 2017
- August 2016
- Mai 2016
- Dezember 2015
- November 2015
- August 2015
- März 2015
- Dezember 2014
- September 2014
- August 2014
- Juli 2014
- Februar 2014
- Oktober 2013
- September 2013
- August 2013
- Juli 2013
- Juni 2013
- Mai 2013
- April 2013
- November 2012
- Oktober 2012
- September 2012
- August 2012
- Juni 2012
- Mai 2012
- März 2012
- Februar 2012
- Januar 2012
- November 2011
- Juli 2011
- Juni 2011
- März 2011
- Februar 2011
- Januar 2011
- Dezember 2010
- November 2010
- April 2010
- Februar 2010