Ever thought that there should be an automated way to handle ssh -keys? Do you know the administrators of your servers, and wish that -SSH could verify new host keys from them automatically, based on your -personal connections to the web-of-trust? Do you wish you could -revoke and/or rotate your old SSH authentication keys without having -to log into every single machine you have an account on?
- -Do you administer servers, and wish you could re-key them without -sowing massive confusion among your users (or worse, encouraging bad -security habits among them)? Do you wish you could grant access to -your users by name, instead of by opaque string? Do you wish you -could rapidly revoke access to a user (or compromised key) across a -group of machines by disabling authentication for that user?
- -A group of us have been working on a public key infrastructure for
-SSH. Monkeysphere makes use
-of the existing OpenPGP web-of-trust to fetch and cryptographically
-validate (and revoke!) keys. This works in both direction:
-authorized_keys and known_hosts are
-handled. Monkeysphere gives users and admins tools to deal with SSH
-keys by thinking about the people and machines to whom the keys
-belong, instead of requiring humans to do tedious (and error-prone)
-manual key verification.
We have debian -packages available which should install against lenny (for i386, -amd64, powerpc, and arm architectures at the moment), a mailing -list, and open ears for good questions, suggestions and -criticism.
- -If you have a chance to give it a try (as a -user or as an -admin), it would be great to get -feedback.
- -