Page MenuHomePhabricator

Generate SSH keys for users
Closed, ResolvedPublic

Description

  • In Settings > SSH Keys, it would be convenient to be able to generate SSH keys for users. In this case, we'd give them the private key (and not store it) and record the public key as attached to their account.
  • In Passphrase, it would be convenient to do the opposite: generate private SSH keys for users, and give them the public keys (so they could, e.g., copy-paste it to GitHub or whatever).
  • In Passpharse, it would also be nice to have a button to download the public key for any private key, since the public key is derivable.

Event Timeline

epriestley raised the priority of this task from to Normal.
epriestley updated the task description. (Show Details)
epriestley added projects: Auth, Passphrase.
epriestley added subscribers: epriestley, zeeg.
zeeg added a comment.Mar 11 2014, 9:18 PM

+1 on an API method to do this as well so we could automate the world

epriestley edited this Maniphest Task.Mar 13 2014, 12:00 AM
epriestley edited this Maniphest Task.Mar 13 2014, 12:45 AM

Can you walk me through the API method version of this? Who is calling the API method, and when?

In the GitHub case, Passphrase stores secrets and we can't extract secrets (in this case, private keys) from GitHub.

We can get public keys over the API for the purposes of the "SSH Keys" panel, but the API doesn't have the key names, so users with more than one key can't distinguish between them. I'm hesitant to pursue this since it's going to be messy, hard-coded, and hard to use in the common case. If you look at my keys, there's no way to tell which is which:

https://api.github.com/users/epriestley/keys

It looks like if we have an OAuth session we can get some more information, but only about one key at a time. So this is like five levels of mess for a questionably-useful feature; I'm not inclined to pursue it unless we get more weight behind requests for it.

epriestley assigned this task to zeeg.Mar 14 2014, 1:35 AM
epriestley closed this task as Resolved.Mar 27 2014, 8:37 PM

Yell at me with a clearer use case if you want the API junk, not sure exactly what it should look like.

GHC would also find support for importing keys from Github useful; we are currently working on rolling out a Diffusion-hosted staging area for use with Harbormaster but the need for contributors to submit their key to yet another Phab feels like unnecessary friction.