
[#382] Show to user whether ssh key in database was written to disk (or still pending)

2012-04-03 16:10
Submitted by:
Marcel Baur (relish)
Assigned to:
Franck Villaume (nerville)
Target release:
Show to user whether ssh key in database was written to disk (or still pending)

Detailed description
Three issues related to ssh keys:

1. SSH keys are stored in /var/lib/gforge/chroot/home/users/username/.ssh/authorized_keys
There is a cronjob that writes keys uploaded through the web back to disk.

The cronjob is only executed every x minutes or so. The user has no idea whether the ssh keys were already updated or not. Somehow expose this information to the user. Maybe a warning that "ssh key was not yet updated on disk" or something.

We had a few support requests where the cronjob died and the ssh key was never updated on disk.
Having a clear picture whether the key on disk is consistent with mysql would simplify debugging.

This will probably require a new database field that tracks whether the key was updated or not and needs to be written to disk.

2. Second, the authorized_keys file is updated even if ssh keys were not changed. This causes a lot of traffic if the system is being backed up using rsync (timestamp change). There is no need to update authorized_keys if the key was not changed.

3. Lastly, it would be nice to show key fingerprints to the user. This can be done by calling
ssh-keygen -lf /var/lib/gforge/chroot/home/users/username/.ssh/authorized_keys
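
The three requests above, as an added Python example (not part of the original report and not FusionForge code): per-key fingerprints, a deployed/pending status from comparing database keys with the file on disk, and a rewrite of authorized_keys only when the key set changed. All function names are hypothetical; it assumes plain "type base64 comment" lines without options and uses the SHA256 fingerprint format that current OpenSSH prints.

```python
import base64, hashlib, os, struct, tempfile

def parse_key(line):
    """Return (algorithm, blob) for one 'type base64 [comment]' line."""
    fields = line.split()
    algo, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the algorithm name.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != algo.encode():
        raise ValueError("declared key type does not match key blob")
    return algo, blob

def fingerprint(line):
    """SHA256 fingerprint as current ssh-keygen -l prints it."""
    digest = hashlib.sha256(parse_key(line)[1]).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def deployed(path):
    """Fingerprints of the keys on disk; empty set if the file is missing."""
    try:
        with open(path) as fh:
            return {fingerprint(l) for l in fh
                    if l.strip() and not l.startswith("#")}
    except FileNotFoundError:
        return set()

def key_status(db_keys, path):
    """Per database key: 'deployed' if on disk, else 'pending'."""
    on_disk = deployed(path)
    return {fp: "deployed" if fp in on_disk else "pending"
            for fp in map(fingerprint, db_keys)}

def sync(db_keys, path):
    """Rewrite the file only if the key set changed; True if written."""
    if deployed(path) == {fingerprint(k) for k in db_keys}:
        return False  # unchanged: file and mtime stay as they are
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:  # mkstemp creates the file mode 0600
        fh.writelines(k.strip() + "\n" for k in db_keys)
    os.replace(tmp, path)  # atomic swap, readers never see a partial file
    return True

def sample_key(seed, comment):
    """Constructed ed25519-shaped key for the demo, not a usable key."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + hashlib.sha256(seed).digest())
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment)
```

Because sync() compares fingerprints, a change to a key's comment alone does not trigger a rewrite, and a cron job that died shows up as keys that stay "pending".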

Message
Date: 2012-06-10 18:06
Sender: Franck Villaume

Uploaded date is now available in trunk r15712.

Warning, it needs a complete db migration.

authorized_keys file is now modified only if there are new or to be deleted keys.

Date: 2012-06-10 12:19
Sender: Franck Villaume

svn commit r15705 in trunk implements at least, per key:
- fingerprint
- name
- algorithm
- deployment status

Date: 2012-04-09 08:30
Sender: Franck Villaume

Basically, we need a real rewrite of the way authorized_keys is handled in fusionforge... Currently, all keys are stored in one column... the way you configure your keys is just ugly.
But it currently works.

Field            Old Value   Date               By
status_id        Open        2012-06-10 18:06   nerville
close_date       None        2012-06-10 18:06   nerville
Resolution       None        2012-06-10 18:06   nerville
Target release   trunk       2012-06-10 12:19   nerville
Difficulty       None        2012-04-09 08:30   nerville
Target release   None        2012-04-09 08:30   nerville
assigned_to      none        2012-04-09 08:30   nerville