SSH Manager - manage authorized_keys file on remote servers

Overview

This is a simple tool that I came up with after having to on-board and off-board developers on a very colourful palette of environments, from AWS to 3rd party hosting providers.

As with every one of my creations, this tool is solving my problem. It does not guarantee that your problem will be solved, but in that highly unlikely event please let me know. Fixes, pull requests and issues are all very welcome, again without the promise that I'll do anything. I'm normally really busy, apologies.

Installation

$ go get github.com/shoobyban/sshman

How does it work?

First of all, from wherever you run this tool, you need to be able to access each server, on a port, with a working ssh key (one that you don't want to share with anybody else).

Next, think about your groups (if you need this feature). Groups limit users to groups of servers, like live-servers, staging-servers, production etc. This is optional, and you can re-register a user with new groups at any time (as long as you have their public key file; note to myself: I have that info in the system, small todo).

You register each server into the registry with an alias (and the groups the server belongs to). If you have the users' ssh .pub keys (this is optional), register the users with their key file and email address (optionally with the user's groups). After having a few servers defined (and optionally users) you can run auto discovery.

Configuration will be saved into ~/.ssh/.ssmman. If you need to move the tool to any other server, copy this and the binary and you are set up. The configuration will not contain any sensitive information.

Usage

Registering Servers

First, you need servers that you can already access, with ~/.ssh/authorized_keys files on them. Password auth doesn't count.

To register a server, the syntax is

sshman register server {alias} {server_address:port} {user} {~/.ssh/working_keyfile.pub} [group1 group2 ...]

Groups are optional; they help when you have several user roles or you want to limit users to certain servers.

Registering a server for example:

$ sshman register server google my.google.com:22 myuser ~/.ssh/google.pub deploy hosting google

Here google will be my alias; the tool will access my.google.com on port 22 as user myuser, using ~/.ssh/google.pub from the current user.

Registering Users

This step is optional if all the users are already on the servers and you just want to be able to move them around or delete them: auto discovery will register those users for you. Adding new users does require this step.

Syntax is

sshman register user {email} {sshkey.pub} [group1 group2 ...]

For example:

$ sshman register user [email protected] ~/.ssh/user1.pub production-team staging-servers

Auto discovery of users on registered servers

To run auto discovery of users on registered servers, or to refresh the configuration if any 3rd party has changed the ~/.ssh/authorized_keys files, run:

$ sshman update
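
An added example, not part of sshman: a stand-alone check that compares an authorized_keys file against a registry of known key fingerprints and reports entries nobody registered, which is the kind of third-party change this refresh picks up. The registry shape (fingerprint to email), the function names and the sample keys are assumptions constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// parseEntry finds the key in one authorized_keys line. Options may precede the
// key type, so a field pair counts only if the decoded blob starts with the
// length-prefixed type name, as SSH public key blobs do.
func parseEntry(line string) (fp, comment string, ok bool) {
	f := strings.Fields(line)
	for i := 0; i+1 < len(f); i++ {
		blob, err := base64.StdEncoding.DecodeString(f[i+1])
		want := append([]byte{0, 0, 0, byte(len(f[i]))}, f[i]...)
		if err == nil && len(f[i]) < 256 && bytes.HasPrefix(blob, want) {
			sum := sha256.Sum256(blob) // the digest ssh-keygen -l prints
			return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:]), strings.Join(f[i+2:], " "), true
		}
	}
	return "", "", false
}

// Audit reports entries whose fingerprint is not in registry (fingerprint -> email).
func Audit(authorizedKeys string, registry map[string]string) []string {
	var out []string
	for n, raw := range strings.Split(authorizedKeys, "\n") {
		line := strings.TrimSpace(raw)
		fp, c, ok := parseEntry(line) // an unparseable entry is reported with an empty fingerprint
		if line != "" && line[0] != '#' && (!ok || registry[fp] == "") {
			out = append(out, fmt.Sprintf("line %d: unregistered key %s (%s)", n+1, fp, c))
		}
	}
	return out
}

// sample returns a constructed authorized_keys file (fake key material) and registry.
func sample() (string, map[string]string) {
	hdr := "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI" // key type + base64 of the blob header
	dev := hdr + strings.Repeat("A", 43) + " dev1@example.test"
	bot := `command="/usr/bin/backup",no-pty ` + hdr + strings.Repeat("B", 43) + " ci-bot"
	fp, _, _ := parseEntry(dev)
	return "# constructed sample\n" + dev + "\n" + bot + "\n", map[string]string{fp: "dev1@example.test"}
}

func main() { fmt.Println(strings.Join(Audit(sample()), "\n")) }
```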

Adding user to server

After registering a user with email, key file and groups, upload the user's key to the servers that the user can access:

$ sshman add [email protected]

This command will add the user's key to the ~/.ssh/authorized_keys files on all servers that the user's groups allow.

If there is no group information for the user, the user will be given access to all servers.

Deleting user from servers

Any existing user can be deleted from the ~/.ssh/authorized_keys files on all servers by running:

$ sshman add [email protected]

This will remove the entries from the servers but keep user information in configuration for further modification.

Listing who's on what server

$ sshman list auth

This will display server alias -> email list mapping, easy to grep or add to reports.

Listing what user and server is in what group

Easier to explain this with an example scenario:

$ sshman list groups
production-team servers: [client1.live live2 server3 client1.uat]
production-team users: [[email protected] [email protected]]
dev-team servers: [staging.test.com client1.staging]
dev-team users: [[email protected] [email protected] [email protected]]

Notice that the group alias is in every line, together with "servers" or "users", so that you can use grep on the list.
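
An added example, not part of sshman: because each line carries the group alias, the listing can be turned into a per-user access matrix for an access review. It assumes a user reaches a server when both share a group; the function name and the sample listing are constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Constructed sample in the format `sshman list groups` prints on this page.
const sampleListing = `production-team servers: [client1.live client1.uat]
production-team users: [alice@example.test bob@example.test]
dev-team servers: [client1.staging client1.uat]
dev-team users: [bob@example.test carol@example.test]`

// AccessMatrix returns, per user, the sorted servers reachable through any of
// the user's groups (assumed matching rule: user and server share a group).
func AccessMatrix(listing string) map[string][]string {
	servers, users := map[string][]string{}, map[string][]string{}
	for _, line := range strings.Split(listing, "\n") {
		line = strings.TrimSuffix(strings.TrimSpace(line), "]")
		if group, rest, ok := strings.Cut(line, " servers: ["); ok {
			servers[group] = strings.Fields(rest)
		} else if group, rest, ok := strings.Cut(line, " users: ["); ok {
			users[group] = strings.Fields(rest)
		}
	}
	out := map[string][]string{}
	for group, members := range users {
		for _, u := range members {
			out[u] = append(out[u], servers[group]...)
		}
	}
	for u, list := range out {
		sort.Strings(list)
		uniq := []string{} // drop servers granted by more than one group
		for _, s := range list {
			if len(uniq) == 0 || s != uniq[len(uniq)-1] {
				uniq = append(uniq, s)
			}
		}
		out[u] = uniq
	}
	return out
}

func main() { fmt.Println(AccessMatrix(sampleListing)) }
```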

Listing registered servers

Lists server aliases, the server address and port, and the groups each server is in.

$ sshman list servers
client1.staging        	staging.client1.com:22              [production-team dev-team]
client1.uat        	    uat.client1.com:22               	[production-team dev-team]
client1.live        	www.client1.com:22               	[production-team]

Listing registered users with groups

$ sshman list users

Will return a mapping of email to groups.

(Possible) Future Plans

  • Reuse stored ssh key for modifying user
  • Registering server to download information without the need of running update
  • Testing connection after creating authorized_keys entry
  • Tests, refactor for testability
  • Group management commands like addgroup (will reupload all group users to group servers)
  • Complete CRUD for missing use cases
  • More backend
  • Registering using password auth
  • Text UI
  • Web interface
Releases(1.2.0)
Owner
Sam Ban