[BlueOnyx:15101] Re: Securing against invading spammers

[Michael Stauber]

Hi Brian,

> Thanks Michael.  Can this information get into a help file someplace in the
> UI?

We're in the process of setting up a BlueOnyx Wiki. The new GUI will
also have links in its GUI pages to matching topics on the Wiki. So this
is certainly something that ought to get added there in the somewhat
longer run.

> Recall the questions I had about getting sshkey auth to work in BlueOnyx as
> would be expected for a typical *nix user on a typical distro, a while
> back. 

Actually the SSH key exchange works the very same as on any other Linux
distribution. But this is also something I'm currently working on:

A GUI that allows to create and manage SSH keys. As you know, there are
two ways how you can do key based logins. One is by creating a private
and public key. Then you add the public key of the host you want to
grant access to your servers ~.ssh/authorized_keys.

Then there is a mechanism that works the other way around: You create a
public and private key on the server. Then you use the *.PEM file with
the public key as parameter on the box from which you want to SSH.

The new SSH GUI will support both. I'll also be looking into an expiry
mechanism. SSH keys can have an expiry date, but in my tests that didn't
seem to work and I was able to use *.PEM file based logins way past the
configured expiry date. But I can handle that in another way via
cronjobs and CCE constructors.

I'm also looking into a way of making it possible to provide GUI access
via *.PEM certificates as an additional (optional) alternative to
username/password based logins. But that's sort of a long term goal that
needs a pretty thorough peer review before I release it.

-- 
With best regards

Michael Stauber