Generate SSH keys for users
Closed, Resolved (Public)

Description

  • In Settings > SSH Keys, it would be convenient to be able to generate SSH keys for users. In this case, we'd give them the private key (and not store it) and record the public key as attached to their account.
  • In Passphrase, it would be convenient to do the opposite: generate private SSH keys for users, and give them the public keys (so they could, e.g., copy-paste it to GitHub or whatever).
  • In Passphrase, it would also be nice to have a button to download the public key for any private key, since the public key is derivable.

Event Timeline

epriestley raised the priority of this task from to Normal.
epriestley updated the task description.
epriestley added projects: Auth, Passphrase.
epriestley added subscribers: epriestley, zeeg.

+1 on an API method to do this as well so we could automate the world

Can you walk me through the API method version of this? Who is calling the API method, and when?

In the GitHub case, Passphrase stores secrets and we can't extract secrets (in this case, private keys) from GitHub.

We can get public keys over the API for the purposes of the "SSH Keys" panel, but the API doesn't have the key names, so users with more than one key can't distinguish between them. I'm hesitant to pursue this since it's going to be messy, hard-coded, and hard to use in the common case. If you look at my keys, there's no way to tell which is which:

https://api.github.com/users/epriestley/keys

It looks like if we have an OAuth session we can get some more information, but only about one key at a time. So this is like five levels of mess for a questionably-useful feature; I'm not inclined to pursue it unless we get more weight behind requests for it.

Yell at me with a clearer use case if you want the API junk, not sure exactly what it should look like.

GHC would also find support for importing keys from GitHub useful; we are currently working on rolling out a Diffusion-hosted staging area for use with Harbormaster but the need for contributors to submit their key to yet another Phab feels like unnecessary friction.