I have too many machines floating around, some virtual, some physical, and they’re getting added and removed semi-frequently as I play around with different tools/try out ideas. One recurring pain point is I have no easy way to manage SSH keys around them, and it’s a pain to deal with adding/removing/cycling keys. I know I can use AuthorizedKeysCommand on sshd_config to make the system fetch a remote key for validation, I know I could theoretically publish my pub key to github or alike, but I’m wondering if there’s something more flexible/powerful where I can manage multiple users (essentially roles) such that each machine can be assigned a role and automatically allow access accordingly?
I’ve seen Keyper before, but the container haven’t been updated for years, and the support discord owner actively kicks everyone from the server, even after asking questions.
Is there any other solution out there that would streamline this process a bit?
Sometimes the obvious solution is the way to go.
Your idea sounds good to go ahead and publish your pubkey(s) to fully public URL you control and can memorize.
Then you can stash or memorize the curl command needed to grab it (them) and authorize something to it (them).
A lot of more complicated solutions are just fancy ways to safely move private keys around.
For my private keys, I prefer to generate a new one for each use case, and throw them out when I’m done with them. That way I don’t need a solution to move, share or store them.
Edit: Full disclosure - I do also use Ansible to deploy my public keys.