Open tlhackque opened 1 year ago
Note that inotify could also be used to detect new off-box SSL certificate delivery.
Having to ssh into the box to activate new certificates can be difficult to incorporate in automatic renewal systems.
Also, logout should be available for exiting the command shell.
Easy enough. Note 'quit' also works already as does Ctrl-C.
Also, logout should be available for exiting the command shell. Easy enough. Note 'quit' also works already as does Ctrl-C.
On that note; Ctrl-D does not work to logout (which it probably should).
Copying a new authorized_keys file to the server should suffice to update it; ssh authkeys is unnecessary.
scp is secured by the same mechanism(s) as logging-in, so forcing login to run ssh authkeys adds no security, but is inconvenient (and different from any other ssh server).
The server can use inotify (man 7 inotify) to be told when a new file is delivered to the dropbox, or compare the mtime on the dropbox file to the active authorized_keys periodically. Needn't be very frequent - anything less than every 5 minutes would be tolerable. (But inotify is both more efficient and more responsive.)
Also, logout should be available for exiting the command shell. Pretty much every other device (from servers to routers) uses logout, so that's what a user with any experience will expect. It could be an alias/alternate for the current exit command for compatibility with the current scheme.
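
The mtime-comparison variant proposed in the issue, as an added Python example (not code from the project or from anyone in this thread). It also validates every key line and swaps the file in atomically, so a truncated or malformed upload cannot replace a working authorized_keys. The function names, status strings, paths and the permission policy are assumptions.

```python
import base64, os, stat, struct, tempfile

# Constructed sample entry (all-zero ed25519 key blob), not a real credential.
SAMPLE = "ssh-ed25519 " + base64.b64encode(
    struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
).decode() + " demo@example"

def _blob_matches(key_type, b64):
    """True if b64 decodes to an SSH key blob whose embedded type equals key_type."""
    try:
        blob = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", blob[:4])
        return blob[4:4 + n].decode() == key_type
    except (ValueError, struct.error):
        return False

def valid_key_line(line):
    """Accept a line if some adjacent field pair is '<type> <matching base64 blob>'."""
    fields = line.split()
    return any(_blob_matches(a, b) for a, b in zip(fields, fields[1:]))

def sync_keys(dropbox, active):
    """Hypothetical poll step: install dropbox over active if newer and well-formed."""
    try:  # O_NOFOLLOW refuses symlinks; O_NONBLOCK keeps a planted FIFO from hanging us
        fd = os.open(dropbox, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
    except FileNotFoundError:
        return "no-dropbox"
    except OSError:
        return "rejected-unsafe-file"
    try:
        st = os.fstat(fd)  # checks apply to the inode we read, not to the path
        if not stat.S_ISREG(st.st_mode) or st.st_mode & 0o022:
            return "rejected-unsafe-file"  # assumed policy: no group/world write
        if os.path.exists(active) and st.st_mtime_ns <= os.stat(active).st_mtime_ns:
            return "unchanged"
        with open(fd, encoding="utf-8", errors="replace", closefd=False) as f:
            lines = [l.strip() for l in f if l.strip() and not l.lstrip().startswith("#")]
    finally:
        os.close(fd)
    if not lines or not all(valid_key_line(l) for l in lines):
        return "rejected-invalid"  # active file is left untouched
    tmp_fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(active)))
    with os.fdopen(tmp_fd, "w") as out:  # mkstemp creates the file with mode 0600
        out.write("\n".join(lines) + "\n")
    os.replace(tmp, active)  # atomic rename: readers see old or new, never partial
    return "installed"
```

With inotify the same function would be triggered on IN_CLOSE_WRITE or IN_MOVED_TO rather than IN_CREATE, so a half-written upload is never read. Note that `scp -p` preserves the source file's mtime, which can make a fresh upload look older than the active file.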