Idea: an application for managing ssh access

Here’s something I’ve been thinking of writing for… oh… five years now.

Essentially it’s a less retarded way of managing ssh access. It’s a good idea for everybody not to share root passwords, but if everybody has their own private/public key pair for ssh access, key management becomes a pain.

My idea is to have a simple application that would keep record of everybody’s public keys and would allow people to request access to servers, possibly on a timed basis. If their request is approved, a background process would add their public key onto the .ssh/authorized_users file for those servers when it’s being regenerated.

Both servers and users could also be organised into groups for ease of administration.

That way there’s no need for explicit key management, the number of people who need to know root passwords is minimised, and there’s no need to have common ssh keys.
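A minimal sketch of the regeneration step described above, added here as an illustration and not code from this post: it resolves user and server groups, keeps only approved and unexpired requests, and writes the result atomically. All record layouts, names and keys are constructed placeholders; the file OpenSSH reads for public keys is `~/.ssh/authorized_keys`.

```python
import os, tempfile
from datetime import datetime, timezone

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

# Constructed sample records; every name and key below is a placeholder.
USER_KEYS = {
    "alice": "ssh-ed25519 AAAAC3PLACEHOLDERalice alice@laptop",
    "bob": "ssh-ed25519 AAAAC3PLACEHOLDERbob bob@desktop",
    "carol": "ssh-ed25519 AAAAC3PLACEHOLDERcarol\nssh-ed25519 AAAAC3EXTRA x",
}
USER_GROUPS = {"dba": {"bob", "carol"}}
SERVER_GROUPS = {"db": {"db1", "db2"}}
UTC = timezone.utc
GRANTS = [  # who/where may be a single name or "@group"
    {"who": "alice", "where": "web1", "approved": True, "expires": None},
    {"who": "@dba", "where": "@db", "approved": True,
     "expires": datetime(2011, 5, 1, tzinfo=UTC)},
    {"who": "alice", "where": "@db", "approved": False, "expires": None},
]

def expand(name, groups):
    """'@g' expands to the members of group g (unknown group: nobody)."""
    return groups.get(name[1:], set()) if name.startswith("@") else {name}

def valid_key(key):
    """Accept only a single 'type base64 [comment]' line, no options prefix."""
    parts = key.split(" ")
    one_line = "\n" not in key and "\r" not in key
    return one_line and len(parts) >= 2 and parts[0] in KEY_TYPES

def render(server, grants, now):
    """Build the file body for one server from approved, unexpired grants."""
    users = set()
    for g in grants:
        live = g["expires"] is None or g["expires"] > now
        if g["approved"] and live and server in expand(g["where"], SERVER_GROUPS):
            users |= expand(g["who"], USER_GROUPS)
    keys = [USER_KEYS[u] for u in sorted(users) if valid_key(USER_KEYS.get(u, ""))]
    return "".join(k + "\n" for k in keys)

def install(path, body):
    """Replace the file atomically so sshd never reads a half-written list."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")  # mode 0600
    with os.fdopen(fd, "w") as f:
        f.write(body)
    os.replace(tmp, path)
```

Because the file is rebuilt from the grant records on every run, an expired or revoked grant disappears at the next regeneration without anyone editing keys by hand, and a stored key containing a newline or an options prefix is dropped instead of being written out.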

Created at 16:04 UTC on April 27th, 2011