Multiple SSH keys for Rsync


#1

The title says it all: the ability to have multiple SSH keys being able to push data into a CDN zone is a must for security and ease of use. As it currently stands, KeyCDN only supports one SSH key at a time per account.

Reasons why you’d want multiple SSH keys to be able to access your CDN:

  • You have more than one device or location that you want to push data from (eg laptop, desktop, home/work, server etc)
  • Sharing one SSH key between devices is a bad plan, and sharing keys between people is worse.
  • In a team environment (or really, any environment with 2+ people), more than one person is going to need to push or modify data on the CDN. (see also Bus Factor)
  • Sharing a username and password pair between people is also a bad plan.
  • Passwords are inherently less secure than keys.
  • Using FTPS clients whilst the server supports plain FTP means there’s a good chance someone will accidentally use FTP and send the password in the clear.
  • Granting and revoking permission via multiple keys is far, far simpler than sharing credentials and needing to revoke/change them if key/password is compromised (or person leaves team)

There’s a very good reason platforms like GitHub, GitLab and Bitbucket all support multiple SSH keys for pushing code, and KeyCDN should too. Assuming the KeyCDN infrastructure is just passing the authorised keys from the web interface to something like .ssh/authorized_keys, adding the ability to use multiple SSH keys should be fairly straightforward.

So, please implement this feature!

For note, yes, I know I could set a shared server up on my side, creating a common keypair that people share, and having people push from that machine, but this is a cumbersome workaround that requires also sharing a password (eg passphrase to key), and the key is still a shared credential. See all my above points about shared credentials being a bad idea.


#2

I’d like this to happen as well! Especially, since ftp is quite annoying to build into an automated build process. Also, it’s easier to commit the deploy script to a VCS and leave out the credentials with rsync.


#3

Thank you for outlining your situation. There’s the option to create FTP subusers but I see your need for multiple SSH keys.
We’re in the process of defining an ETA for that feature. Update follows.


#4

@jonas I need this feature, too. When it will be done?


#5

Just ran into this same issue. I have 4 different machines that could do the cdn upload, each with a unique private key. It seems like you could just paste multiple ssh public keys into the ssh pub key box, but it doesn’t work/

Otherwise KeyCDN is an amazing service at a great price.


#6

As a workaround to this in the meantime, you could setup a server that you administer in terms of users, files, etc and then perform a bulk FTP upload to the KeyCDN server when required. This would allow you to have several users contribute to one project however only 1 user would be able to relay that information to the storage cluster.

Multiple SSH keys is still on the roadmap, however there is no definitive ETA as of yet.


#7

Any ETA yet?

This is really the only major downside to KeyCDN at the moment. I’m starting to use my account for websites on which I am collaborating with other users.


#8

We total understand the need for this. This should be possible in the next couple of weeks.


#9

It’s been a couple of weeks (27 days), what’s the current ETA?


#10

We’re still working on this, we should have an update soon.

Sorry for the wait.


#11

Status: The requested feature has been implemented.


#12