Metadata-Version: 2.0
Name: Geofront
Version: 0.4.0
Summary: Simple SSH key management service
Home-page: https://github.com/spoqa/geofront
Author: Spoqa
Author-email: dev@spoqa.com
License: AGPLv3 or later
Platform: UNKNOWN
Classifier: Development Status :: 4 - Beta
Classifier: Environment :: Web Environment
Classifier: Intended Audience :: Developers
Classifier: Intended Audience :: System Administrators
Classifier: License :: OSI Approved :: GNU Affero General Public License v3 or later (AGPLv3+)
Classifier: Operating System :: POSIX
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.3
Classifier: Programming Language :: Python :: 3.4
Classifier: Programming Language :: Python :: 3.5
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: Implementation :: CPython
Classifier: Topic :: Internet :: WWW/HTTP :: WSGI :: Application
Classifier: Topic :: System :: Systems Administration :: Authentication/Directory
Requires-Python: >=3.3.0
Requires-Dist: Flask (>=0.10.1)
Requires-Dist: Werkzeug (>=0.11)
Requires-Dist: apache-libcloud (>=1.1.0)
Requires-Dist: cryptography (>=1.4)
Requires-Dist: oauthlib[rsa,signedtoken] (>=1.1.1,<2.0.0)
Requires-Dist: paramiko (>=2.0.1)
Requires-Dist: setuptools
Requires-Dist: typeguard (>=2.1.1,<3.0.0)
Requires-Dist: waitress (>=1.0.2,<2.0.0)
Requires-Dist: singledispatch; python_version=='3.3'
Requires-Dist: typing; python_version=='3.3'
Requires-Dist: typing; python_version=='3.4'
Provides-Extra: docs
Requires-Dist: Sphinx (>=1.2); extra == 'docs'
Requires-Dist: sphinxcontrib-autoprogram; extra == 'docs'
Requires-Dist: sphinxcontrib-httpdomain (>=1.2.1); extra == 'docs'
Provides-Extra: tests
Requires-Dist: iso8601 (>=0.1.10); extra == 'tests'
Requires-Dist: pytest (>=2.5.0); extra == 'tests'
Requires-Dist: pytest-cov; extra == 'tests'
Requires-Dist: redis; extra == 'tests'
Requires-Dist: sftpserver (==0.2setuptools); extra == 'tests'

Geofront
========

.. image:: https://badges.gitter.im/spoqa/geofront.svg
   :alt: Join the chat at https://gitter.im/spoqa/geofront
   :target: https://gitter.im/spoqa/geofront?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge

.. image:: https://badge.fury.io/py/Geofront.svg?
   :target: https://pypi.python.org/pypi/Geofront
   :alt: Latest PyPI version

.. image:: https://readthedocs.org/projects/geofront/badge/
   :target: https://geofront.readthedocs.io/
   :alt: Read the Docs

.. image:: https://travis-ci.org/spoqa/geofront.svg?branch=master
   :target: https://travis-ci.org/spoqa/geofront

.. image:: https://codecov.io/gh/spoqa/geofront/branch/master/graph/badge.svg
   :target: https://codecov.io/gh/spoqa/geofront

Geofront is a simple SSH key management server.  It helps maintain the list
of servers to SSH into, and the ``authorized_keys`` list on each of them.
`Read the docs`__ for more details.

__ https://geofront.readthedocs.io/


Situations
----------

- If the team maintains the ``authorized_keys`` list of every server it owns:

  - When someone joins or leaves the team, all lists have to be updated.
  - *Who* updates the lists?

- If the team maintains shared private keys for SSH access to servers:

  - These keys have to be expired when someone leaves the team.
  - There should be a shared storage for the keys.  (Dropbox?  srsly?)
  - Everyone might need to add the ``-i`` option to use the team's own key.

- Neither approach scales with the number of servers.  Imagine your team
  has more than 10 servers.


Idea
----

1. Geofront has its own *master key*.  The private key is never shared.
   The master key is periodically and automatically regenerated.
2. Every server has a simple ``authorized_keys`` list, which authorizes
   only the master key.
3. Every member registers their own public key to Geofront.
   The registration can be omitted if the key storage is GitHub, Bitbucket,
   etc.
4. A member requests to SSH into a server; Geofront then *temporarily*
   (for about 30 seconds, or a minute) adds their public key to the
   ``authorized_keys`` of the requested server.
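
The lifecycle in steps 2 and 4, modelled in memory together with an audit check that flags any ``authorized_keys`` entry other than the master key or a live grant.  This is an added example, not Geofront's own code: ``ServerKeys``, ``audit`` and ``key_id`` are hypothetical names, and the keys are constructed placeholders.

```python
import re

# Constructed placeholder keys: the base64 blobs are not valid key material.
MASTER = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABmaster geofront-master"
ALICE = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAalice alice@laptop"
MALLORY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABmallory left-the-team"

KEY_RE = re.compile(r"(?:^|\s)((?:ssh|ecdsa|sk)-[\w@.-]+)\s+([A-Za-z0-9+/=]+)")


def key_id(line):
    """Return (type, blob) for an authorized_keys line, or None.

    Comments and leading options are ignored, so the same key with a
    different comment still compares equal.  Quoted option strings are not
    parsed; this is enough for the plain lines used here.
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = KEY_RE.search(line)
    return (m.group(1), m.group(2)) if m else None


class ServerKeys:
    """In-memory model of one server's authorized_keys under the scheme."""

    def __init__(self, master, ttl=60):
        self.master, self.ttl, self.grants = master, ttl, {}

    def authorize(self, public_key, now):
        # Step 4: the member's key is valid only until now + ttl.
        self.grants[public_key] = now + self.ttl

    def render(self, now):
        # Expired grants are dropped, leaving only the master key (step 2).
        live = [k for k, exp in self.grants.items() if exp > now]
        return "\n".join([self.master] + live) + "\n"


def audit(text, master, live_grants=()):
    """Return lines that authorize anything other than the master key
    or a currently granted member key."""
    allowed = {key_id(master)} | {key_id(k) for k in live_grants}
    return [ln for ln in text.splitlines()
            if key_id(ln) is not None and key_id(ln) not in allowed]
```

Running ``audit`` against a file fetched from a server with an empty ``live_grants`` shows member keys that outlived their window and any key added outside the scheme.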


Prerequisites
-------------

- Linux, BSD, Mac
- Python 3.3+
- Third-party packages (automatically installed together)

  - Paramiko_ 2.0.1+ (which requires cryptography_)
  - Werkzeug_ 0.11+
  - Flask_ 0.10.1+
  - OAuthLib_ 1.1.1+
  - Apache Libcloud_ 1.1.0+
  - Waitress_ 1.0.2+
  - singledispatch_ (only if Python is older than 3.4)
  - typing_ (only if Python is older than 3.5)
  - typeguard_ 2.1.1+

.. _Paramiko: http://www.paramiko.org/
.. _cryptography: https://cryptography.io/
.. _Werkzeug: http://werkzeug.pocoo.org/
.. _Flask: http://flask.pocoo.org/
.. _OAuthLib: https://github.com/idan/oauthlib
.. _Libcloud: http://libcloud.apache.org/
.. _Waitress: https://github.com/Pylons/waitress
.. _singledispatch: https://pypi.python.org/pypi/singledispatch
.. _typing: https://pypi.python.org/pypi/typing
.. _typeguard: https://github.com/agronholm/typeguard


Author and license
------------------

Geofront is written by `Hong Minhee`__, maintained by Spoqa_, and licensed
under AGPL3_ or later.  You can find the source code on GitHub__:

.. code-block:: console

   $ git clone https://github.com/spoqa/geofront.git


__ https://hongminhee.org/
.. _Spoqa: http://www.spoqa.com/
.. _AGPL3: http://www.gnu.org/licenses/agpl-3.0.html
__ https://github.com/spoqa/geofront


Missing features
----------------

- Google Apps backend [`#3`_]
- Fabric_ integration
- PuTTY_ integration

(Contributions would be appreciated!)

.. _Fabric: http://www.fabfile.org/
.. _PuTTY: http://www.chiark.greenend.org.uk/~sgtatham/putty/
.. _#3: https://github.com/spoqa/geofront/issues/3


