-2

I've got a situation where 40 users are going to come in and use fresh machines to work on git repos and push them to GitHub. I'm trying to think of the simplest way to handle ssh keys. I see the ideal situation is that every user has their own ssh key, and a different one for every machine. The problem is that we're going to have a single user account on each of the machines, and we'd rather not have to deal with setting up a separate ssh key on every machine. Not to mention users will be switching between different machines.

Right now I'm thinking the best option will be to simply set up one ssh key across all of the machines and have every user add it to their GitHub account. Given the security implications, I'd rather come up with something better, and I'm not entirely sure how GitHub will handle it either, but the most important thing for us is to minimize user headache. What options are available to ease the situation?

Update: So being that we wanted to avoid setting up a server to manage all the machines, we set up a single ssh key across all the machines, which is associated with its own GitHub account. Students either push to that account or add it as a contributor on their projects, and then use edgecase-git-pair to manage commits.

lobati

2 Answers

2

Configure 389-ds/OpenLDAP to store ssh keys.

http://linuxhow-tos.blogspot.in/2012/03/store-ssh-keys-in-ldap.html

atvt
0

You want to do what now? I don't understand what you're trying to do. What's wrong with having each person have their own account, with their own SSH key, and centralise the key and user management (either create users/keys per machine with Puppet/Chef, or use LDAP)?

As far as SSH key management with GitHub, there's one (small but significant) caveat -- every SSH key can only be associated with a single GitHub account. This isn't as big a practical problem as you might think, as you can grant access to other users to your repositories (or use organisations for large-scale access control management), but it does put a bit of a crimp in your plans to put all sorts of keys everywhere.

womble
  • I'm in favor of an LDAP situation, but the fellow who is setting up the machines doesn't want to have to deal with server maintenance. He wants to set up the stations and then walk away. We've got an image we're deploying to all of the machines with a single user account on it. Right now it looks like some bash scripting will be necessary to switch out ssh keys, maybe synced between machines via dropbox. – lobati May 03 '12 at 08:48
  • If someone doesn't want to deal with maintenance, one shouldn't become a sysadmin. – womble May 03 '12 at 10:22
  • That's kind of the point. He doesn't want to be a sysadmin. – lobati May 03 '12 at 17:09
  • Then why is he setting up the machines? – womble May 04 '12 at 11:08
  • Because he's the person on staff who has the knowledge and is willing to take it on. – lobati May 04 '12 at 16:05
  • "willing to take it on" and "doesn't want to be a sysadmin" are a paradox. – womble May 05 '12 at 03:13
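
The key-switching script mentioned in the comments, sketched for the single-shared-account setup as an added example (not code from any poster on this page). It assumes each student has their own passphrase-protected key under a hypothetical `$KEY_ROOT/<student>/id_ed25519` and has registered only that key with their own GitHub account; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Assumed layout: $KEY_ROOT/<student>/id_ed25519, one passphrase-protected
# private key per student (the path and function names are hypothetical).
KEY_ROOT="${KEY_ROOT:-$HOME/student-keys}"

# Print the ssh command git should use for one student; non-zero on refusal.
student_ssh_command() {
    student=$1
    # Allow only simple lowercase names so input cannot escape KEY_ROOT.
    case "$student" in
        ''|*[!a-z0-9_-]*) echo "invalid student name" >&2; return 2 ;;
    esac
    key="$KEY_ROOT/$student/id_ed25519"
    [ -f "$key" ] || { echo "no key for $student" >&2; return 3; }
    # Refuse keys readable by group/other (ssh itself would reject them too).
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "key permissions too open: $key" >&2; return 4
    fi
    # IdentitiesOnly=yes: offer only this key, not others held by an agent,
    # so GitHub maps the connection to this student's account.
    printf "ssh -i '%s' -o IdentitiesOnly=yes" "$key"
}

# Switch the current shell session to one student's key. The previous
# student's setting is cleared first, so a failed switch never leaves
# someone else's key active.
use_student() {
    unset GIT_SSH_COMMAND
    GIT_SSH_COMMAND=$(student_ssh_command "$1") || { unset GIT_SSH_COMMAND; return 1; }
    export GIT_SSH_COMMAND
}
```

Sourced from the shared account's shell profile, `use_student alice` makes every `git push` in that session authenticate as alice only; the key's passphrase is what keeps other students on the same account from using it.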