centerclick / feedback

Issues, Bug Reports, and Feature Requests

ssh authkeys should not be necessary #78

Open tlhackque opened 1 year ago

tlhackque commented 1 year ago

Copying a new authorized_keys file to the server should suffice to update it; ssh authkeys is unnecessary.

scp is secured by the same mechanism(s) as logging-in, so forcing login to run ssh authkeys adds no security, but is inconvenient (and different from any other ssh server).

The server can use inotify (man 7 inotify) to be told when a new file is delivered to the dropbox, or compare the mtime on the dropbox file to the active authorized_keys periodically. Needn't be very frequent - anything less than every 5 minutes would be tolerable. (But inotify is both more efficient and more responsive.)

Also, logout should be available for exiting the command shell. Pretty much every other device (from servers to routers) uses logout, so that's what a user with any experience will expect. It could be an alias/alternate for the current exit command for compatibility with the current scheme.
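
Added example (not part of the original issue or the project's code): the periodic mtime comparison proposed above, with the dropped file checked before it atomically replaces the active one. The file paths, key-type allow-list, size cap and function names are assumptions.

```python
import base64, os, stat, tempfile

# Assumed allow-list and size cap; match them to the server's sshd.
KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}
MAX_BYTES = 64 * 1024

def valid_key_line(line):
    """Accept '<type> <base64> [comment]' whose blob names the same type."""
    parts = line.split()  # a line starting with options fails the type check
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return False
    # An SSH public key blob starts with a 4-byte length and the type name.
    n = int.from_bytes(blob[:4], "big")
    return blob[4:4 + n] == parts[0].encode()

def sync_if_newer(dropbox, active):
    """One poll step: returns 'unchanged', 'rejected' or 'installed'."""
    try:
        fd = os.open(dropbox, os.O_RDONLY | os.O_NOFOLLOW)  # refuses symlinks
    except FileNotFoundError:
        return "unchanged"
    except OSError:
        return "rejected"
    try:
        st = os.fstat(fd)
        if os.path.exists(active) and st.st_mtime_ns <= os.stat(active).st_mtime_ns:
            return "unchanged"
        # Trust only a small regular file that group/other cannot write.
        if not stat.S_ISREG(st.st_mode) or st.st_mode & 0o022 or st.st_size > MAX_BYTES:
            return "rejected"
        data = os.read(fd, MAX_BYTES)
    finally:
        os.close(fd)
    lines = [l.strip() for l in data.decode("utf-8", "replace").splitlines()]
    keys = [l for l in lines if l and not l.startswith("#")]
    # An empty list would lock every user out, so it is rejected as well.
    if not keys or not all(valid_key_line(l) for l in keys):
        return "rejected"
    # Temp file (0600) beside the target, then rename: no half-written reads.
    tfd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(active)))
    with os.fdopen(tfd, "wb") as out:
        out.write(data)
        out.flush()
        os.fsync(out.fileno())
    os.replace(tmp, active)
    return "installed"
```

An inotify-based watcher would call the same `sync_if_newer` when the dropbox file is closed after writing or moved into place, instead of on a timer.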

tlhackque commented 1 year ago

Note that inotify could also be used to detect new off-box SSL certificate delivery.

Having to ssh into the box to activate new certificates can be difficult to incorporate in automatic renewal systems.

dave4445 commented 1 year ago

> Also, logout should be available for exiting the command shell.

Easy enough. Note 'quit' also works already as does Ctrl-C.

joachimtingvold commented 1 year ago

> > Also, logout should be available for exiting the command shell.
>
> Easy enough. Note 'quit' also works already as does Ctrl-C.

On that note; Ctrl-D does not work to logout (which it probably should).