[Python-Dev] Collecting SSH keys

"Martin v. Löwis" martin at v.loewis.de
Mon Aug 22 16:20:37 CEST 2005


Stephen J. Turnbull wrote:
> On cvs.xemacs.org (aka SunSITE.dk) ssh+cvs access with cvs access
> control being handled by a Perl script scales to approximately 85
> users.  I don't handle key management directly, but I believe several
> users use multiple keys (I don't personally).  I've never heard any
> complaints from the guys who actually do key management; they just
> keep authorized_keys in alphabetical order by comment (= user's real
> name).  Nor do I notice any authorization overhead vs. a simple ssh
> login when accessing the cvs server.[1]  Evidently the "what keys do
> you have?" negotiation with the agent takes very little time (in
> terms of what a human can notice).

That's encouraging; I'm willing to proceed with that approach then.
As for key management: I just designed an infrastructure where
~pythondev/keys is a directory containing files named, say
"Martin v. Loewis" (with spaces, ASCII only); the contents of
the files are just the public keys. I then run make_authorized_keys,
which regenerates the authorized_keys2 file, adding all the
command= lines. This avoids editing authorized_keys2 in a text
editor.

Regards,
Martin
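
The key-directory design described in the message above, sketched as an added example (this is not the make_authorized_keys script from the post). The wrapper path, the option set, the accepted key types and the file-name whitelist are assumptions. Because the key files are submitted by users, the generator accepts only bare public keys and rejects lines that carry their own options; the returned text is what would be written to authorized_keys2.

```python
import base64, os, re, tempfile

# Assumptions (not from the post): wrapper path, option set, accepted key types.
FORCED_COMMAND = "/usr/local/bin/repo-wrapper"  # hypothetical forced command
OPTIONS = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519"}
SAFE_NAME = re.compile(r"[A-Za-z0-9 .-]+")  # safe inside command="... '...'"

def parse_key(line):
    """Return (type, base64 blob) for a bare public key line, else raise ValueError."""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        raise ValueError("line does not start with an accepted key type")
    blob = base64.b64decode(fields[1], validate=True)  # binascii.Error is a ValueError
    n = int.from_bytes(blob[:4], "big")  # length of the type string inside the blob
    if len(blob) < 4 or blob[4:4 + n] != fields[0].encode():
        raise ValueError("key blob does not match declared type")
    return fields[0], fields[1]

def build_authorized_keys(keydir):
    """Return (file text, [(name, reason)]) built from one key file per developer."""
    lines, rejected = [], []
    for name in sorted(os.listdir(keydir)):
        with open(os.path.join(keydir, name), encoding="ascii", errors="replace") as f:
            entries = [ln.strip() for ln in f if ln.strip()]
        for entry in entries:
            try:
                if not SAFE_NAME.fullmatch(name):
                    raise ValueError("file name has characters unsafe to quote")
                ktype, blob = parse_key(entry)
            except ValueError as err:
                rejected.append((name, str(err)))
                continue
            lines.append(f"command=\"{FORCED_COMMAND} '{name}'\",{OPTIONS} {ktype} {blob} {name}")
    return "\n".join(lines) + "\n", rejected

def demo():
    """Run over a constructed key directory (sample keys are not real keys)."""
    def fake_key(ktype):
        body = len(ktype).to_bytes(4, "big") + ktype.encode() + (32).to_bytes(4, "big") + bytes(32)
        return ktype + " " + base64.b64encode(body).decode()
    files = {"Martin v. Loewis": fake_key("ssh-ed25519") + " laptop\n",
             "Eve": "no-pty " + fake_key("ssh-ed25519") + "\n",  # carries its own options
             "Bob;x": fake_key("ssh-ed25519") + "\n"}            # name unsafe to quote
    with tempfile.TemporaryDirectory() as d:
        for name, text in files.items():
            with open(os.path.join(d, name), "w") as f:
                f.write(text)
        return build_authorized_keys(d)
```

Rejected entries are returned with a reason rather than silently skipped, so whoever runs the generator can follow up with the key's owner.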

