If using the authorized_keys file it would also be nice to have support for extra options like from, environment, no-pty, etc. If I someone wants to allow me to log into their server, they can then run something like keybase get-ssh-key efreak would then ask them which key(s) they want to import to the local system, or keybase get-ssh-key efreak#desktop would only import my desktop key. Possibly default to the public name of the local key, followed by a number. Something like keybase add-ssh-key ~/.ssh/id_rsa.pub desktop to add my desktop's public key to keybase. If so, do they need to run a keybase command on each of these machines, and then, what gets added to authorized_keys? all of them? Regarding do we deal, for convenience, with either key portability or multiple SSH keys per user? I think many users have the workflow that they generate a new key pair with ssh-keygen every time they set up a new machine. I also recommend a proof of some kind over simply logging into a keybase ssh server. I suppose that you could do this informally by placing your public key in your public/shared private folders, and simply using a script to copy/verify it, but automating it would be much nicer. But yeah, we really like the idea of finding a way of solving "Let user X onto this machine"
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |