I promised I would ask this next time there was a Flynn post. Having tried to hack a PaaS like this with git "push-to-deploy" functionality, one of the most problematic components to implement was SSH authentication. Getting a workable but unscalable solution was easy by just writing "forced command" entries to the ~/.ssh/authorized_keys file, but getting a scalable solution seemed to require hacking OpenSSHd to check public keys against a database (this is what github does, and requires patching and recompiling OpenSSHd). How is Flynn doing key lookup for the push-to-deploy?
You have some other options to solve that:
- SSH Key management with SKM
- SSH Key DB
- Openssh LPK (SSH Patch that supports LDAP)
- Openssh Ldap Publickey
I believe that Openssh Ldap Publickey is one of the best options cause it does not require any patches or file syncing and it keeps the public keys in a central LDAP server.
When I was doing this, I was leaning toward going the 3rd approach, but it seemed a really momentous undertaking. That would definitely be a boon to the future of PaaS projects though, because it seems like OpenSSH doesn't really have the use-case in mind, plus I hate the idea of hacking something as fundamental as OpenSSH on my machine to do development work on a single project
For those that does not remember/know what Flynn is: Flynn aims to enable you to run your own mini-Heroku with a lot less hassle than current solutions. It builds upon the excellent work of DotClouds Docker.