[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Semi-automated sync to vittoria -- SSH key management


I'm following up on issue #13 in our ansible bug tracker [1] about
setting up a semi-automated sync to vittoria.

During confs and mini-confs, we need to be able to sync files from the
voctomix (live video mixer) machines in the rooms to Vittoria.

Currently, the way we do it is that a member of the videoteam group adds
temporary SSH keys to their Debian account for that machine.

What we would like to do is to be able to add restricted SSH keys,
allowed to access the sreview user, in the form of:

command="/srv/sreview.debian.org/home/bin/rrsync -wo
ssh-rsa AAAAB[...]KYl videoteam@voctomixXY

The actual sync is done via a CLI script (which is a basic rsync
wrapper) that can be found here [2]. The rrsync script is directly
gunzipped from rsync's documentation.

It seems that 1 year ago when Wouter approached DSA on IRC, you seemed
open to the ideas as long as the authorized keys changes were done
through a command line interface rather than through a webinterface.

Modifying the authorized_keys file would be done manually by a member of
the team at the beginning of each conference.


[1]: https://salsa.debian.org/debconf-video-team/ansible/issues/13

  ⣾⠁⢠⠒⠀⣿⡁  Louis-Philippe Véronneau
  ⢿⡄⠘⠷⠚⠋   pollo@debian.org / veronneau.org

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: