Problem to be solved

This is a proposed solution to #4.

Solution details

We set up a directory on pip that contains all sysadmin keys.

In each sysadmin's home directory on pip, set ~/.ssh/authorized_keys to be a symlink to /etc/adm-keys/$USER-authorized_keys. Then any key added to pip will automatically appear in this directory.

We then set up an rsync daemon to publicize the contents of this directory. Other servers download the list, create and delete user accounts as appropriate, and then symlink the authorized_keys.
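The consumer side of this procedure, as an added example that is not part of the issue: a POSIX shell script run as root after each rsync that derives the sysadmin list from the synced key files, diffs it against the accounts it created earlier, and adds, removes and symlinks accordingly. It assumes a marker group (`adm-synced`) to track managed accounts and homes under /home; both are assumptions, not from the issue.

```shell
#!/bin/sh
# Reconcile local sysadmin accounts with the key directory pulled from pip.
# Assumptions (not from the issue): managed accounts are tracked by membership
# in a marker group, and home directories live under /home.
set -eu
KEYDIR="${KEYDIR:-/etc/adm-keys}"    # local rsync target; must be root-owned and
ADMGROUP="${ADMGROUP:-adm-synced}"   # not group/world writable (sshd StrictModes)

# Users named by the synced key files. The file name comes from the rsync
# source, so accept only plain account names before it reaches useradd.
list_published_users() {
  for f in "$1"/*-authorized_keys; do
    [ -f "$f" ] || continue
    u=${f##*/}; u=${u%-authorized_keys}
    case $u in [a-z_][a-z0-9_-]*) printf '%s\n' "$u" ;; esac
  done
}

# Accounts this script created earlier: members of the marker group.
list_managed_users() {
  getent group "$1" | cut -d: -f4 | tr ',' '\n' | sed '/^$/d'
}

has() { for x in $2; do [ "$x" = "$1" ] && return 0; done; return 1; }

# Diff desired vs. current state into "add USER" / "del USER" lines.
plan_changes() {  # $1 = published users, $2 = managed users (whitespace separated)
  for u in $1; do has "$u" "$2" || echo "add $u"; done
  for u in $2; do has "$u" "$1" || echo "del $u"; done
}

# Apply a plan read on stdin. The symlink makes sshd read the synced file.
apply_changes() {
  while read -r op u; do
    case $op in
      add) useradd -m -G "$ADMGROUP" "$u"
           mkdir -p -m 700 "/home/$u/.ssh" && chown "$u" "/home/$u/.ssh"
           ln -sfn "$KEYDIR/$u-authorized_keys" "/home/$u/.ssh/authorized_keys" ;;
      del) userdel -r "$u" ;;
    esac
  done
}

main() {
  plan_changes "$(list_published_users "$KEYDIR")" \
               "$(list_managed_users "$ADMGROUP")" | apply_changes
}
case "${1-}" in --apply) main ;; esac
```

Invoke with `--apply` from a cron job or rsync post-hook; without it the functions are only defined, so the plan can be inspected by hand first.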
Pros and cons

Pros

- This does not depend on being on a secure network, since the public keys are broadcast via https.
- There is no single point of failure. There is, however, still a single point of trust.
- No external service (e.g. GitHub) has to be trusted.
- Very simple workflow for users: simply add the key to pip.

Unsolved questions

- How to protect the authorized_keys directory from MITM attacks?