On 07/26/2012 10:15 AM, Loïc Minier wrote:
On Thu, Jul 26, 2012, Andy Doan wrote:
One question: Does this script have the logic to remove users if they get removed from the LP group, or is that a manual step?
It doesn't add/remove/merge, it just replaces the authorized_keys wholesale with a new version.
If you're worried and would like to make sure certain keys get included, you can easily extend this to concatenate a set of fixed keys; e.g. create a ~/bin/my-ssh-keys script which runs: cat ~/.ssh/authorized_keys.prepend lp-members-sshkeys --sshkeys linaro-access-team
and then call it from cron: @hourly cd linaro-its-tools && bzr pull >/dev/null 2>&1 && PATH="$PATH:`pwd`" && update-ssh-keys ~/bin/my-ssh-keys
Another good idea is to have SSH keys on the root account as a mean to recover from issues on the regular user account.
I see how your usage is now. I've just made a one-off script to yours here:
http://bazaar.launchpad.net/~doanac/+junk/linaro-its-tools/view/head:/lp-manage-local
This takes users from a given LP group and syncs them to a local account. I've started it on our new server and it seems to be working smoothly so far. Not sure if you are interested in this or not.