{ "info": { "author": "Zach White", "author_email": "zwhite@darkstar.frop.org", "bugtrack_url": null, "classifiers": [ "Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "Intended Audience :: System Administrators", "License :: OSI Approved :: MIT License", "Natural Language :: English", "Operating System :: POSIX :: BSD", "Operating System :: POSIX :: BSD :: FreeBSD", "Operating System :: POSIX :: BSD :: NetBSD", "Operating System :: POSIX :: BSD :: OpenBSD", "Operating System :: POSIX :: Linux", "Programming Language :: Python", "Programming Language :: Python :: 2", "Programming Language :: Python :: 2.7", "Topic :: System", "Topic :: System :: Recovery Tools", "Topic :: System :: Systems Administration" ], "description": "Keyholer - Simple SSH key management for shell servers\n======================================================\n\nKeyholer is a web application that will allow your users to add an SSH key\nto their authorized_keys file so they can gain access to a system they don't\notherwise have an SSH key for. It attempts to do so in as secure a fashion\nas possible.\n\nUser Flow/Process:\n------------------\n\n1. User visits keyholer-web\n2. User enters their username, presses submit\n 1. keyholer-web submits command to keyholerd, \"login \"\n 2. keyholerd checks for ~/.phonenumber, if bad/missing return False\n 3. keyholerd generates and sends random code via SMS, return True\n 4. keyholer-web checks return value, returns error if False\n3. keyholer-web displays a verification page, user enters code from SMS\n 1. keyholer-web submits command, \"verify \"\n 2. keyholerd checks username and code, returns false if wrong\n 3. keyholerd reads the user's authorized_keys, finds list of ID's\n 4. keyholerd returns: True\\\\n\n4. keyholer-web displays the list of existing keys and an for a new key\n5. User pastes a new key into the textarea, clicks Submit\n 1. keyholer-web submits command, \"add_key \"\n 2. keyholerd makes sure the code is valid, if not return False\n 3. keyholerd makes sure the ssh_key is valid, if not return False\n 4. keyholerd adds the key to the user's authorized_keys file\n 5. keyholerd sends an sms to admin_user for alert/audit purposes\n\nInstallation:\n-------------\n\nThere are two pieces that need to be running; keyholerd and the web frontend.\nYou can use systemd, runit, screen, or any other daemon management strategy\nyou'd like. Despite the name keyholerd does not currently support running in\nthe background as a daemon.\n\nTo run the web component you can use your favorite WSGI stack. My personal\nsetup uses nginx to proxy the requests back to a gunicorn app server.\n\nSecurity\n--------\n\nAs this software interacts with a number of security sensitive subsystems, you\nshould take great care when installing it.\n\nThe keyholerd program must run as root so that it can write to users'\nauthorized_keys files. You should run the web component as a dedicated\nnon-priviledged user.\n\nThe user's .phonenumber files must be owned by that user and chmod'd 600 or\nkeyholerd will not consider that a valid user.\n\nThe user's authorized_keys file must already exist or keyholerd will not\nconsider that a valid user.\n\nAll submitted keys are verified using \"ssh-keygen -l\" before being added\nto an authorized_keys file.\n\nConfiguration\n-------------\n\nKeyholer requires a configuration file. You can find a sample config in\netc/keyholer.conf.example. You should install your configuration as\n/etc/keyholer.conf and it must be valid JSON.\n\n* admin_user\n * The username of the server's owner. This user will get SMS's anytime a user's password is reset\n* web_user\n * The username the web app will run as\n* group\n * The group for the web_user\n* socket\n * The path for the socket the frontend uses to communicate with the backend. This directory must be owned by **web_user:group** and be mode 700. If if does not exist it will be created by keyholerd.\n* sms_number\n * The phone number that codes will be sent from\n* token_ttl\n * How many seconds a token is good for. Defaults to 300 (5 minutes)\n* twilio_sid\n * The account sid for your twilio account\n* twilio_token\n * The AuthToken for your twilio account\n\nTwilio\n------\n\nSign up for an account, register a phone number, and get your auth_token and\nsid at their website:\n\n http://twilio.com\n\nThis is required to send the code via SMS.\n\nsystemd\n-------\n\nIf you are on a system which uses systemd as the init system, you will find\nfiles that can be used to start keyholer at boot time in etc/systemd. Simply\ncopy those files to /usr/lib/systemd/system and enable the service::\n\n # systemctl enable keyholer.service\n # systemctl enable keyholer-web.service\n # /bin/systemctl start keyholer.service\n # /bin/systemctl start keyholer-web.service\n\n\nInitial development\n===================\nZach White \n-------------------------------------\n\nOther contributers\n------------------\n\n* (Your name could be here!)\n\n\nCHANGELOG\n*********\n\n2014 Sep 8: 0.7.2\n=================\n\nZach White \n-------------------------------------\n\n* Fix formatting for CHANGELOG.rst\n\n2014 Sep 8: 0.7.1\n=================\n\nZach White \n-------------------------------------\n\n* Add a script to manage test/release\n* Add argparse support to keyholerd so a user can override the config\n* Create --write-config option to write the configuration to /etc/keyholer.conf\n\n2014 Sep 5: 0.7.0\n=================\n\nZach White \n-------------------------------------\n\n* Initial release", "description_content_type": null, "docs_url": null, "download_url": "UNKNOWN", "downloads": { "last_day": -1, "last_month": -1, "last_week": -1 }, "home_page": "http://zwhite.github.io/keyholer", "keywords": null, "license": "MIT", "maintainer": null, "maintainer_email": null, "name": "keyholer", "package_url": "https://pypi.org/project/keyholer/", "platform": "UNKNOWN", "project_url": "https://pypi.org/project/keyholer/", "project_urls": { "Download": "UNKNOWN", "Homepage": "http://zwhite.github.io/keyholer" }, "release_url": "https://pypi.org/project/keyholer/0.7.2/", "requires_dist": null, "requires_python": null, "summary": "Simple SSH key management for shell servers", "version": "0.7.2" }, "last_serial": 1217168, "releases": { "0.7.0": [ { "comment_text": "", "digests": { "md5": "f2fb9415e51476ec0f348728bc697d4c", "sha256": "b64b2025d37b5b9bc0fa42b37528f3afb404f3b3d987cd93b248424b64d5b83c" }, "downloads": -1, "filename": "keyholer-0.7.0-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "f2fb9415e51476ec0f348728bc697d4c", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 13419, "upload_time": "2014-09-08T14:43:57", "url": "https://files.pythonhosted.org/packages/06/f4/aa495e4113c989ac3fa72541f998f3b0a73b4459e15eafd1e68790eaaa79/keyholer-0.7.0-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "47b350ed2fec28b275ebdaaecda1ed8a", "sha256": "b0137be2b9f7065256d58be693c81e476d6e417b4fdf7271f6f7383c9b2e323c" }, "downloads": -1, "filename": "keyholer-0.7.0.tar.gz", "has_sig": false, "md5_digest": "47b350ed2fec28b275ebdaaecda1ed8a", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 10345, "upload_time": "2014-09-08T14:43:48", "url": "https://files.pythonhosted.org/packages/d8/bd/25d37009360d399a6913b6cdcc48a5808d078784360277e607aec5c58ab7/keyholer-0.7.0.tar.gz" } ], "0.7.1": [ { "comment_text": "", "digests": { "md5": "0ec22dd2999822ece7a67e836b38f69a", "sha256": "855babee9ff9f6ad2033757fc6c0461fa8cf03848cffc6a64afad7af581057f2" }, "downloads": -1, "filename": "keyholer-0.7.1-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "0ec22dd2999822ece7a67e836b38f69a", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 14919, "upload_time": "2014-09-08T16:37:12", "url": "https://files.pythonhosted.org/packages/9a/d5/029d114fcc3fa892690093f13f3e36992a941f5a2273bf788dd6df675f9f/keyholer-0.7.1-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "9e5bdb7edad87b5d52c7eff8513888fd", "sha256": "eb3f757ff8fbc064755375416c23d6740057282ada62bec60cc940762e1e6ae7" }, "downloads": -1, "filename": "keyholer-0.7.1.tar.gz", "has_sig": false, "md5_digest": "9e5bdb7edad87b5d52c7eff8513888fd", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11419, "upload_time": "2014-09-08T16:37:09", "url": "https://files.pythonhosted.org/packages/14/39/d05f705a1e695ff85b5f6b767d3c660c5f8ae8f7fa9d429ab9b545b6fc5d/keyholer-0.7.1.tar.gz" } ], "0.7.2": [ { "comment_text": "", "digests": { "md5": "84b8b4ca277c83844801fb47b6548d64", "sha256": "e5b57b3c9f79591324fbad6c50daea8dc609eb2bc5bba9f2f4c93ddc9c98cdc1" }, "downloads": -1, "filename": "keyholer-0.7.2-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "84b8b4ca277c83844801fb47b6548d64", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 14968, "upload_time": "2014-09-08T16:44:26", "url": "https://files.pythonhosted.org/packages/39/06/fec7d0e623ef9bb31c349f89f35b86d267d759f42f80b3f32bfcbf87d67c/keyholer-0.7.2-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "987d6707cf1f616485616f2c36e907ba", "sha256": "4ae9000a42ff25403476730113edd58c1a762e11ddae14a24f45504182d9fa0a" }, "downloads": -1, "filename": "keyholer-0.7.2.tar.gz", "has_sig": false, "md5_digest": "987d6707cf1f616485616f2c36e907ba", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11455, "upload_time": "2014-09-08T16:44:23", "url": "https://files.pythonhosted.org/packages/1f/ee/cd5e53e0e2d4d3c4c0d70de1400f6f1420686815123c348d206c9eea25c9/keyholer-0.7.2.tar.gz" } ] }, "urls": [ { "comment_text": "", "digests": { "md5": "84b8b4ca277c83844801fb47b6548d64", "sha256": "e5b57b3c9f79591324fbad6c50daea8dc609eb2bc5bba9f2f4c93ddc9c98cdc1" }, "downloads": -1, "filename": "keyholer-0.7.2-py2.py3-none-any.whl", "has_sig": false, "md5_digest": "84b8b4ca277c83844801fb47b6548d64", "packagetype": "bdist_wheel", "python_version": "2.7", "requires_python": null, "size": 14968, "upload_time": "2014-09-08T16:44:26", "url": "https://files.pythonhosted.org/packages/39/06/fec7d0e623ef9bb31c349f89f35b86d267d759f42f80b3f32bfcbf87d67c/keyholer-0.7.2-py2.py3-none-any.whl" }, { "comment_text": "", "digests": { "md5": "987d6707cf1f616485616f2c36e907ba", "sha256": "4ae9000a42ff25403476730113edd58c1a762e11ddae14a24f45504182d9fa0a" }, "downloads": -1, "filename": "keyholer-0.7.2.tar.gz", "has_sig": false, "md5_digest": "987d6707cf1f616485616f2c36e907ba", "packagetype": "sdist", "python_version": "source", "requires_python": null, "size": 11455, "upload_time": "2014-09-08T16:44:23", "url": "https://files.pythonhosted.org/packages/1f/ee/cd5e53e0e2d4d3c4c0d70de1400f6f1420686815123c348d206c9eea25c9/keyholer-0.7.2.tar.gz" } ] }