Doc update

patvdv 2018-11-03 16:59:22 +01:00
parent a99decbf95
commit ff9f1b3f93
2 changed files with 11 additions and 4 deletions


@ -1,7 +1,8 @@
# SSH Controls <p align="center"><img src="logo.png" alt="SSH Controls Logo"></p>
SSH Controls is a light-weight SSH **public key** distribution & management framework SSH Controls is a light-weight SSH **public key** distribution & management framework
* uses a **desired state** model: SSH Controls pushes public keys from a key master (or slave) server onto client host(s) and applies them according to the central configuration. * uses a **desired state** model: SSH Controls *pushes* public keys from a key master (or slave) server onto client host(s) and applies them according to the central configuration.
* uses **SSH** as **transport** mechanism: eat your own dogfood. SSH Controls connects to client hosts through the secure path of SSH and using a public key that is under its own control. * uses **SSH** as **transport** mechanism: eat your own dogfood. SSH Controls connects to client hosts through the secure path of SSH and using a public key that is under its own control.
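Review bot: the reworded desired-state bullet now stresses that keys are *pushed*, but it still does not say what happens to keys already present on a client host that are absent from the central configuration. Since this line is being touched anyway, state whether such keys are removed or left in place, because that decides whether a push actually revokes access. Also confirm that the `# SSH Controls` heading text is kept alongside the new logo line, so the title survives where images are not rendered.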
@ -15,12 +16,16 @@ SSH Controls is a light-weight SSH **public key** distribution & management fram
* can assign a single public key to **multiple** OS accounts: SSH Controls allows an user to log on under multiple accounts using the same key. Auditing of the connecting user and the target account is possible using fingerprinting. * can assign a single public key to **multiple** OS accounts: SSH Controls allows an user to log on under multiple accounts using the same key. Auditing of the connecting user and the target account is possible using fingerprinting.
* allows the use of (nested) **groups** in the master configuration: users, keys and hosts can be grouped in the SSH master configuration files to allow a simplified configuration. Nesting of groups is allowed up to one level deep. * allows the use of (nested) **groups** in the master configuration: users, keys and hosts can be grouped in the SSH master configuration files to allow a simplified configuration. Nesting of groups is allowed up to *5 levels* deep.
* allow the use of (nested) **groups** in the specification of the *push* targets. Either via the --targets command-line parameter or via the `targets` configuration file.
* allows compromised public keys to be **blacklisted**: SSH Controls will deny the use of public keys that have been administrative blacklisted. Blacklisting happens on the SSH master and is applied to all client hosts. * allows compromised public keys to be **blacklisted**: SSH Controls will deny the use of public keys that have been administrative blacklisted. Blacklisting happens on the SSH master and is applied to all client hosts.
* can discover host public keys to (re)create `known_hosts` file(s) for a large amount of hosts * can discover host public keys to (re)create `known_hosts` file(s) for a large amount of hosts
* supports *md5* and *sha512* fingerprint **hashes** (if the installed SSH version support these hash types)
* requires **no client agent** component and is **stateless**: SSH Controls performs operations by pushing keys or commands to client hosts. Update processes on the client hosts will only be started on-demand. If the SSH master is - for whatever reason - unavailable then active keys on a client host remain in place and logons are still possible. * requires **no client agent** component and is **stateless**: SSH Controls performs operations by pushing keys or commands to client hosts. Update processes on the client hosts will only be started on-demand. If the SSH master is - for whatever reason - unavailable then active keys on a client host remain in place and logons are still possible.
* is **easy** to **configure** and **maintain** (command-line based): the configuration is stored in a limited number of flat files and be easily updated. A very rudimentary syntax checking facility is also available to check the consistency of the most important (master) configuration files. * is **easy** to **configure** and **maintain** (command-line based): the configuration is stored in a limited number of flat files and be easily updated. A very rudimentary syntax checking facility is also available to check the consistency of the most important (master) configuration files.
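Review bot: the added fingerprint bullet lists *md5* next to *sha512* without saying which one is the default or which one to prefer, while the multiple-accounts bullet in this same hunk relies on fingerprinting for auditing. Document the default and recommend sha512 wherever the installed SSH version supports it. Smaller points on the added lines: "allow the use of" should read "allows the use of" like its sibling bullets, "support these hash types" should be "supports", and `--targets` should be in backticks to match the `targets` file name.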
@ -31,3 +36,5 @@ SSH Controls does NOT:
* manage or distribute SSH **private keys**: SSH private keys should be controlled and managed (and safeguarded!) by the actual owners. Though one could consider SSH key pairs of generic accounts (such as application accounts) as an exception, SSH Controls currently does not support the management of private keys. * manage or distribute SSH **private keys**: SSH private keys should be controlled and managed (and safeguarded!) by the actual owners. Though one could consider SSH key pairs of generic accounts (such as application accounts) as an exception, SSH Controls currently does not support the management of private keys.
More documentation can be found at http://www.kudos.be/Projects/SSH_Controls.html More documentation can be found at http://www.kudos.be/Projects/SSH_Controls.html
*Logo created with [Free Logo Maker](https://logomakr.com)*
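Review bot: the documentation link on the context line directly above the added logo credit is plain `http://`, while the new credit link uses `https://`. For a README that sends administrators of an SSH key management tool to further instructions, switch the kudos.be link to HTTPS if the site serves it. The credit line would also read better separated from the documentation link by a blank line.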

BIN
logo.png Normal file

Binary file not shown.

Size: 6.9 KiB