freedomofpress
Automate SSH key tasks during install
Feature request
Description
The installation process for first-run users includes the creation of ssh keys on the admin workstation to be used for authentication against the securedrop servers (mon + app). This is outlined in the following pieces of documentation. Since we have been tackling providing more guard-rails on the installation process (in tickets like #1781 ) via an admin install script -- it makes sense to also attempt to automate away this manual process of the installation. It should of course be optional in case an admin has their own ssh key they would like to drop in place.
User Stories
As an admin, I would like the securedrop installation scripts to optionally provision an ssh-key for me, drop it on the server, and ensure my admin workstation can ssh to the securedrop servers using that key.
It should of course be optional in case an admin has their own ssh key they would like to drop in place.
I think that we should only support drop-in of an existing SSH key as part of the restore/ recovery playbook. Admins should not be using SSH keys that they use elsewhere on their admin workstation given previous attacks we've seen against OpenSSH.
This would be a useful automation step for the initial install, and it would enforce the use of a new dedicated SSH key for the first Admin Workstation, which is good security-wise.
