One interesting idea for managing many different nodes' enabled SSH public keys is to investigate using SSH's AuthorizedKeysCommand parameter. This lets you dynamically generate a list of allowed public keys for a given user from a script.
One simple example is, you can keep a database table with a row like: username, public key, active. Then, a script could print out all the public keys that are active for a given user. Maybe you even have an expiration time as a column?
A cute example I tried last night was, in addition to some "hard-coded" public keys in one of my authorized_keys files, I have sshd dynamically fetch my GitHub public keys and allow those, too.
This isn't really important or needed anytime soon. Just an interesting idea, I think. Maybe it's easier than managing a huge authorized_keys file. It could also dynamically print out things like commands / port restrictions, too, so all those details could be traced back to a single source.
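The database-table idea above, sketched as an added example (not code from the original post): a helper that sshd could call through AuthorizedKeysCommand, printing only active, unexpired keys and prefixing any per-key restrictions. SQLite, the `ssh_keys` schema, the `options` column, the `DB_PATH` location and the `--demo` flag are all assumptions made for illustration.

```python
import re
import sqlite3
import sys
import time

DB_PATH = "/etc/ssh/keys.db"  # assumed path; readable by the command user, writable only by root
SCHEMA = """CREATE TABLE ssh_keys (
    username TEXT NOT NULL, public_key TEXT NOT NULL, active INTEGER NOT NULL,
    expires_at INTEGER,  -- unix time; NULL means no expiry
    options TEXT         -- authorized_keys options such as restrict or permitopen
)"""
KEY_RE = re.compile(r"(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9@.-]+) "
                    r"[A-Za-z0-9+/]+={0,3}( [^\r\n]*)?")
USER_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")

def authorized_keys(conn, username, now=None):
    """Return authorized_keys lines for username: active, unexpired, well-formed rows only."""
    if not USER_RE.fullmatch(username):
        return []
    now = int(time.time()) if now is None else now
    rows = conn.execute(
        "SELECT public_key, options FROM ssh_keys WHERE username = ? AND active = 1 "
        "AND (expires_at IS NULL OR expires_at > ?)", (username, now))
    lines = []
    for key, options in rows:
        key = key.strip()
        # Each row must stay one output line: a stored newline would add a second key line.
        if not KEY_RE.fullmatch(key) or re.search(r"[\r\n]", options or ""):
            continue
        lines.append(f"{options} {key}" if options else key)
    return lines

def sample_db():
    """In-memory table of constructed rows (placeholder key blobs, not real keys)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO ssh_keys VALUES (?, ?, ?, ?, ?)", [
        ("alice", "ssh-ed25519 AAAAC3NzaEXAMPLEONE alice@laptop", 1, None, None),
        ("alice", "ssh-ed25519 AAAAC3NzaEXAMPLETWO alice@old", 0, None, None),    # revoked
        ("alice", "ssh-ed25519 AAAAC3NzaEXAMPLETHREE alice@temp", 1, 1000, None),  # expired
        ("bob", "ssh-ed25519 AAAAC3NzaEXAMPLEFOUR bob@ci", 1, 5000,
         'restrict,permitopen="127.0.0.1:5432"'),
        ("bob", "ssh-ed25519 AAAAC3NzaEXAMPLEFIVE\nssh-ed25519 AAAAC3NzaEXAMPLESIX x", 1, None, None),
    ])
    return conn

if __name__ == "__main__":
    demo = sys.argv[1:2] == ["--demo"]  # "--demo USER" runs on the sample rows; sshd passes %u
    conn = sample_db() if demo else sqlite3.connect(f"file:{DB_PATH}?mode=ro", uri=True)
    print("\n".join(authorized_keys(conn, sys.argv[-1])))
```

sshd expects the command as an absolute path, owned by root and not writable by group or others, with AuthorizedKeysCommandUser set to an unprivileged account. If the helper fails or prints nothing, sshd still consults any AuthorizedKeysFile entries, so the hard-coded keys keep working.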