Feature Request - Key Management #1

Open
mrjk05 opened this issue Mar 22, 2016 · 1 comment

Comments


mrjk05 commented Mar 22, 2016

Good start mate.

I'm looking for something slightly different to what you have started but I think it could be added into this code base.

Essentially:

  • Admin panel that hooks into AWS IAM to allow administrator to create keypairs
  • Admin panel that brings up all the current EC2 instances and the current keypairs associated with that instance (from the authorized_keys file in .ssh folder)
  • Ability to add new keypair generated for new user to that EC2 instance
  • Ability for user to log into this admin panel to retrieve the keypair. I guess they need to log into the panel first to run the AWS keypair generation. This will then create the public key data stored in AWS and provide the user the secret private key pem file. At the same time the system will convert the pem file into a pub file using ssh-keygen -t rsa. The contents of the pub file to be saved to the user's local machine. Remembering that these should be kept as private as possible.
  • Should be able to quickly see which servers have keys, who has access and to quickly add or remove access SSH keys from these servers

Thoughts?

Owner

kislyuk commented Mar 22, 2016

Thanks!

An admin UI like that is likely beyond the scope of this library. This library deliberately does not concern itself with the contents of user directories, running a UI and a server, creating service IAM roles or daemons with administrative permissions, etc. All those things are perilous and hard to get right security-wise. This library makes the bare minimum set of security decisions needed to do its job, and luckily doesn't have to touch anything beyond IAM, sshd and PAM. I find it hard to imagine safely increasing the footprint by the amount that you describe, but you're welcome to use this as a foundation.
