Delete SSH key on remote removal

Bug #1745541 reported by Simon Quigley
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
ssh-import-id | Triaged | Wishlist | Unassigned |

Bug Description

Let's say I have key foo and key bar in my Launchpad account. For some reason, I accidentally lose key bar's private key to a malicious entity. Wanting to act on the safe side, I need to update everything to not be accessible using the bar SSH key, but I still want foo to be accessible.

I could either go to each one of my thousands of servers (hypothetically) and remove each key from there manually, or, I could have the ability to run this tool using cron on each server, and upon removal of that key in Launchpad, the tool would detect the removal (through a crude or intelligent manner) and automatically remove my key, securing all of my systems automatically.

I could easily use this tool with cron to just remove all of my keys and reimport them regularly, but then there is a nonzero gap where, if I need to access a server and I SSH at just the wrong time, it could cause confusion on my part, thinking this isn't working.
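
One way to do the reconciliation requested above without a remove-and-reimport gap, as an added example (not ssh-import-id's own code). It assumes imported lines in authorized_keys end with a `# ssh-import-id lp:USER` marker, and uses constructed keys and the hypothetical account `lp:example-user`.

```python
# Added example: reconcile keys imported by ssh-import-id with the remote list.
# Assumption: imported lines end with "# ssh-import-id <source>".
KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")


def key_id(line):
    """Return (key type, base64 blob) for a public-key line, else None."""
    if line.lstrip().startswith("#"):
        return None
    tokens = line.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok.startswith(KEY_PREFIXES):
            return (tok, tokens[i + 1])
    return None


def reconcile(authorized_keys, remote_keys, source, allow_empty=False):
    """Return (new file text, removed key ids, added key ids)."""
    # Only lines carrying the marker for `source` can be removed; hand-added
    # keys and keys imported for other accounts are left untouched.
    marker = "# ssh-import-id " + source
    remote = {}
    for line in remote_keys.splitlines():
        kid = key_id(line)
        if kid:
            remote[kid] = line.strip()
    if not remote and not allow_empty:
        # An empty list may be a failed or truncated fetch; make the caller
        # opt in before every managed key is dropped.
        raise ValueError("remote key list is empty")
    kept, removed, present = [], [], set()
    for line in authorized_keys.splitlines():
        kid = key_id(line)
        if kid and line.rstrip().endswith(marker) and kid not in remote:
            removed.append(kid)  # no longer published remotely: drop it
            continue
        if kid:
            present.add(kid)
        kept.append(line)
    added = [kid for kid in remote if kid not in present]
    kept += [remote[kid] + " " + marker for kid in added]
    return "\n".join(kept) + "\n", removed, added


# Constructed sample: foo and bar were imported, bar has since been revoked.
SAMPLE_LOCAL = ("ssh-ed25519 AAAAfoo me@laptop # ssh-import-id lp:example-user\n"
                "ssh-ed25519 AAAAbar me@old # ssh-import-id lp:example-user\n")
SAMPLE_REMOTE = "ssh-ed25519 AAAAfoo me@laptop\n"

if __name__ == "__main__":
    print(reconcile(SAMPLE_LOCAL, SAMPLE_REMOTE, "lp:example-user")[0], end="")
```

Writing the returned text to a temporary file and renaming it over authorized_keys replaces the file in one step, so a key that is still published stays usable throughout.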

Simon Quigley (tsimonq2) wrote :

Better yet, a daemon could be created to automatically do this once an LP user changes the keys on their account.

(cron would work but this would make it even more feature-rich)

Scott Moser (smoser) wrote :

Note, another option would be to use the 'AuthorizedKeysCommand' in newer ssh versions.
See a partially-done solution based on that in 'lp-authorized-keys' at
 https://gist.github.com/smoser/8ac8a9cf081a76d9ae16b52f6afd04da

Changed in ssh-import-id:
importance: Undecided → Wishlist
status: New → Triaged