[Python-Dev] Collecting SSH keys

"Martin v. Löwis" martin at v.loewis.de
Mon Aug 22 16:20:37 CEST 2005

Stephen J. Turnbull wrote:
> On cvs.xemacs.org (aka SunSITE.dk) ssh+cvs access with cvs access
> control being handled by a Perl script scales to approximately 85
> users.  I don't handle key management directly, but I believe several
> users use multiple keys (I don't personally).  I've never heard any
> complaints from the guys who actually do key management; they just
> keep authorized_keys in alphabetical order by comment (= user's real
> name).  Nor do I notice any authorization overhead vs. a simple ssh
> login when accessing the cvs server.[1]  Evidently the "what keys do
> you  have?" negotiation with the agent takes very little time (in
> terms of what a human can notice).

That's encouraging; I'm willing to proceed with that approach then.
As for key management: I just designed an infrastructure where
~pythondev/keys is a directory containing files named, say
"Martin v. Loewis" (with spaces, ASCII only); the contents of
the files are just the public keys. I run then make_authorized_keys,
which regenerates the authorized_keys2 file, adding all the
command= lines. This avoids editing authorized_keys2 in a text


More information about the Python-Dev mailing list