Geofront
Geofront is a simple SSH key management server. It helps to maintain the servers you SSH into, and the authorized_keys lists for them. Read the docs for more details.
Situations
- If the team maintains the authorized_keys list of all servers owned by the team:
  - When someone joins or leaves the team, all lists have to be updated.
  - Who updates the list?
- If the team maintains shared private keys to SSH servers:
  - These keys have to be expired when someone leaves the team.
  - There should be a shared storage for the keys. (Dropbox? srsly?)
  - Everyone might need to add the -i option to use the team's own key.
- Both of the above approaches scale poorly as the number of servers grows. Imagine your team has more than 10 servers.
Idea
- Geofront has its own master key. The private key is never shared. The master key is periodically and automatically regenerated.
- Every server has a simple authorized_keys list, which authorizes only the master key.
- Every member registers their own public key to Geofront. The registration can be omitted if the key store is GitHub, Bitbucket, etc.
- A member requests to SSH into a server, then Geofront temporarily (for about 30 seconds, or a minute) adds their public key to the authorized_keys of the requested server.
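The last two points describe the mechanism: the server's authorized_keys permanently trusts only the master key, and a member's key is appended for a short window and then removed. The following is an added illustration of that grant/expiry cycle, not Geofront's own code (the real service does this over SSH through its geofront.remote and geofront.server modules). It works on authorized_keys text in memory, assumes plain "<type> <base64> [comment]" lines with no option prefix, records the deadline in the comment field with a made-up geofront-temp-expires= marker, and uses constructed placeholder key material.

```python
"""Sketch of the temporary-grant idea: authorized_keys holds the master key
permanently, a member's key only for a short window.

Added illustration, not Geofront's own code. It edits authorized_keys text in
memory instead of over SSH and assumes plain '<type> <base64> [comment]' lines
without an option prefix. The key material below is constructed.
"""
import time
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample keys; the base64 payloads are placeholders, not real keys.
MASTER_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMASTERKEYPLACEHOLDER geofront-master"
MEMBER_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMEMBERKEYPLACEHOLDER alice@example"

# Comment-field marker (hypothetical) recording the grant's deadline as a unix time.
TAG = "geofront-temp-expires="


class Entry(NamedTuple):
    kind: str                 # key type, e.g. ssh-ed25519
    blob: str                 # base64 key material
    line: str                 # the full authorized_keys line
    expires: Optional[float]  # deadline, or None for a permanent entry


def parse(text: str) -> List[Entry]:
    """Turn authorized_keys text into entries, skipping blanks and comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # not a key line we understand; ignore rather than guess
        expires = None
        for field in fields[2:]:
            if field.startswith(TAG):
                expires = float(field[len(TAG):])
        entries.append(Entry(fields[0], fields[1], line, expires))
    return entries


def render(entries: List[Entry]) -> str:
    return "".join(e.line + "\n" for e in entries)


def prune(entries: List[Entry], now: float) -> List[Entry]:
    """Drop grants whose deadline has passed; permanent entries (master key) stay."""
    return [e for e in entries if e.expires is None or e.expires > now]


def grant(text: str, public_key: str, ttl: float, now: Optional[float] = None) -> str:
    """Append public_key for ttl seconds, replacing any earlier grant for the same key."""
    now = time.time() if now is None else now
    fields = public_key.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    kind, blob = fields[0], fields[1]
    entries = [
        e for e in prune(parse(text), now)
        if not (e.expires is not None and (e.kind, e.blob) == (kind, blob))
    ]
    deadline = now + ttl
    entries.append(Entry(kind, blob, f"{public_key.strip()} {TAG}{deadline:.0f}", deadline))
    return render(entries)


def revoke_expired(text: str, now: Optional[float] = None) -> str:
    """The cleanup a sweep would run once the window has closed."""
    now = time.time() if now is None else now
    return render(prune(parse(text), now))


def active_keys(text: str, now: Optional[float] = None) -> List[Tuple[str, str]]:
    """(type, blob) pairs that would still be accepted at time `now`."""
    now = time.time() if now is None else now
    return [(e.kind, e.blob) for e in prune(parse(text), now)]


if __name__ == "__main__":
    base = MASTER_KEY + "\n"
    granted = grant(base, MEMBER_KEY, ttl=30, now=1000)
    print(granted)                                    # master key plus a 30-second grant
    print(active_keys(revoke_expired(granted, now=1030)))  # only the master key remains
```

The point to take from it is that the member never receives a long-lived credential on the server: if the cleanup sweep runs, the window closes on its own, and re-requesting access replaces rather than accumulates entries, so the file never grows with stale grants.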
Prerequisites
- Linux, BSD, Mac
- Python 3.3+
- Third-party packages (automatically installed together)
  - Paramiko 2.0.1+ (which requires cryptography)
  - Werkzeug 0.11+
  - Flask 0.10.1+
  - OAuthLib 1.1.1+
  - Apache Libcloud 1.1.0+
  - Waitress 1.0.2+
  - singledispatch (only if Python is older than 3.4)
  - typing (only if Python is older than 3.5)
  - typeguard 2.1.1+
Author and license
Geofront is written by Hong Minhee, maintained by Spoqa, and licensed under AGPL3 or later. You can find the source code on GitHub:
$ git clone git://github.com/spoqa/geofront.git
Missing features
(Contributions would be appreciated!)
User's guide
References
- HTTP API
- CLI
- Configuration
- geofront — Simple SSH key management service
- geofront.backends — Backend implementations
- geofront.backends.bitbucket — Bitbucket Cloud team
- geofront.backends.cloud — Libcloud-backed implementations
- geofront.backends.dbapi — Key store using DB-API 2.0
- geofront.backends.github — GitHub organization and key store
- geofront.backends.oauth — Team backend bases for OAuth
- geofront.backends.stash — Bitbucket Server team and key store
- geofront.identity — Member identification
- geofront.keystore — Public key store
- geofront.masterkey — Master key management
- geofront.regen — Regen master key
- geofront.remote — Remote sets
- geofront.server — Key management service
- geofront.team — Team authentication
- geofront.version — Version data