Page MenuHomePhabricator

Central user/key management through JumpCloud
Open, WishlistPublicFEATURE REQUEST

Description

Currently, users and their SSH public keys have to be managed on each and every individual VyOS installation. This is an inefficient process if one has to manage multiple VyOS boxes. For standard Linux distributions, there is a smart solution for that: JumpCloud.

JumpCloud offers Directory as a Service (DaaS), including an agent that can be installed on standard Linux distributions. Once this agent is installed on a Linux box, it registers the box with JumpCloud and allows users and their passwords as well as public keys to be managed centrally.

  • Want to change your password on all your Linux based compute instances? Just change your password in JumpCloud and it will propagate the change to all machines you are a user of.
  • Want to give a new user access to a group of compute instances? Just add the user to the appropriate machines or group of users and JumpCloud takes care of the rest. The new user will be able to log into the machines just a few seconds later.

How cool would it be to also be able to manage VyOS installations this way?

Thanks for considering this feature request.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close

Event Timeline

Michael created this task.Nov 15 2017, 7:34 AM
c-po added a subscriber: c-po.Nov 15 2017, 9:50 AM

Thanks for this feature request. I'm not to happy having a cloud provider install some SSH keys onto my system. If you have to manage many VyOS machines, why not use Ansible?

Thanks for your feedback. Maybe I should clarify the feature request a bit:

I would like to have the option to install the JumpCloud agent on my VyOS machines (so this would not be forced on anyone who doesn't need or want it). Look at it as complementary option to Ansible, supported by VyOS. As VyOS is based on Linux, this should be already possible in principle with the current JumpCloud agent. The issue are the details:

The JumpCloud installer is essentially a bash script that tries to identify the system in order to A) determine compatibility and B) register the corresponding repositories on that machine.

So JumpCloud would also have to support VyOS in the list of compatible OSes for this to work. It would require cooperation of VyOS and JumpCloud. Not sure if they are interested in this but I guess it would help them expand their device base, too, so to me this looks like a win-win. First question is though:

Are other VyOS users interested? ;-)

syncer added a subscriber: syncer.Nov 15 2017, 7:47 PM

I think we all will benefit from pluggable auth system,
all that remote system login sources (radius, tacacs+, active directory) must be easy (relatively) add if that required.

syncer triaged this task as Wishlist priority.Dec 21 2017, 9:16 PM
dmbaturin moved this task from Need Triage to Wishlist on the VyOS 1.2 Crux board.May 24 2018, 6:29 PM
pasik added a subscriber: pasik.Mar 12 2019, 6:14 PM