On Thu, Jul 26, 2012, Andy Doan wrote:
One question: Does this script have the logic to remove users if they get removed from the LP group, or is that a manual step?
It doesn't add/remove/merge, it just replaces the authorized_keys wholesale with a new version.
If you're worried and would like to make sure certain keys get included, you can easily extend this to concatenate a set of fixed keys; e.g. create a ~/bin/my-ssh-keys script which runs: cat ~/.ssh/authorized_keys.prepend lp-members-sshkeys --sshkeys linaro-access-team
and then call it from cron: @hourly cd linaro-its-tools && bzr pull >/dev/null 2>&1 && PATH="$PATH:`pwd`" && update-ssh-keys ~/bin/my-ssh-keys
Another good idea is to have SSH keys on the root account as a mean to recover from issues on the regular user account.