
Add users on-the-fly and reload public ssh keys?

Open grasmanek94 opened this issue 4 years ago • 6 comments

Is it possible to add users without restarting / re-creating the docker container? If yes, how?

And: Is it possible to reload/refresh the public keys for all users at run-time? If yes, how?

grasmanek94 • Sep 17 '19 16:09

It's not possible without custom scripts.

ismailbaskin • Oct 23 '19 11:10

Well that sucks. This tool looked great until this..

How about setting up a 1min task that checks the users.conf file every minute and, if it has changed, re-applies the configurations?

The main reason many people would be looking at this tool is because of transient and regularly changing sftp access requirements...

jamiegau • Nov 12 '19 05:11

I wish to strongly second this request.

We run atmoz/sftp in production for several key sftp servers and I do not wish to down the service for just adding a public key for a new user. Several of our CI hosts access those servers constantly and I get unnecessary fails because of a restart. Currently we add the keys to the keys directory as recommended, but as a second item we need to go into the container via docker exec -it and manually edit authorized_keys.

Why is it a problem to run a cron-like second process which regularly updates the authorized_keys?

I would propose 5 minutes as a standard and provide a variable to change it through docker run.

markusdd • Dec 18 '19 12:12

> Is it possible to add users without restarting / re-creating the docker container? If yes, how?
>
> And: Is it possible to reload/refresh the public keys for all users at run-time? If yes, how?

Use docker exec -it <container> bash and navigate to /home/youruser/.ssh and manually add the key to authorized_keys in addition to the keys directory.

markusdd • Dec 18 '19 12:12
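
An added example, not part of the thread and not atmoz/sftp's own code: a shell function that rebuilds each user's authorized_keys from the keys directory mentioned above instead of appending by hand, so a key deleted from that directory is also revoked. sshd reads authorized_keys at each login, so no restart is involved. The `<home_root>/<user>/.ssh/keys` layout, the script name and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from atmoz/sftp): rebuild authorized_keys from .ssh/keys.
# Assumption: each user's key files live in <home_root>/<user>/.ssh/keys/.

# Returns 0 if authorized_keys was rewritten, 1 if unchanged, 2 on error.
rebuild_user_keys() {
    ssh_dir=$1
    keys_dir="$ssh_dir/keys"
    target="$ssh_dir/authorized_keys"
    [ -d "$keys_dir" ] || return 1

    # Build in a temp file in the same directory so the final mv is atomic.
    tmp=$(mktemp "$ssh_dir/.authorized_keys.XXXXXX") || return 2
    for f in "$keys_dir"/*; do
        [ -f "$f" ] && { cat "$f"; echo; }
    done | grep -v '^[[:space:]]*$' | sort -u > "$tmp"

    if [ -f "$target" ] && cmp -s "$tmp" "$target"; then
        rm -f "$tmp"
        return 1
    fi

    # sshd's StrictModes wants the file owned by the user and not writable
    # by others; copy the numeric owner:group from the .ssh directory.
    owner=$(ls -ldn "$ssh_dir" | awk '{print $3 ":" $4}')
    chmod 600 "$tmp" && chown "$owner" "$tmp" && mv -f "$tmp" "$target" && return 0
    rm -f "$tmp"
    return 2
}

# Prints the name of every user whose authorized_keys changed.
reload_all_keys() {
    home_root=$1
    for ssh_dir in "$home_root"/*/.ssh; do
        [ -d "$ssh_dir" ] || continue
        if rebuild_user_keys "$ssh_dir"; then
            basename "$(dirname "$ssh_dir")"
        fi
    done
}

# Stand-alone use (hypothetical file name): sh reload-keys.sh --run [home_root]
if [ "${1:-}" = "--run" ]; then
    reload_all_keys "${2:-/home}"
fi
```

Run on a timer inside the container, the printed user names give a simple record of whose keys changed on each pass.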

Maybe you could give sftpgo a try

https://github.com/drakkan/sftpgo

You can add users on the fly using the REST API and/or the built-in Web interface

DISCLAIMER: I'm the author

drakkan • Dec 31 '19 09:12

I have created a POC for this: https://github.com/atmoz/sftp/compare/master...grasmanek94:master

This is not extensively tested but seems to work. What do you guys think?

Example file I use:

hhhh::2004::public,private
zzzzz::2005::public,private
yyyt::2006::public,private
iuhygujgkhugyu::2007::public,private

grasmanek94 • Feb 17 '20 11:02