I promised I would ask this next time there was a Flynn post. Having tried to hack a PaaS like this with git "push-to-deploy" functionality, one of the most problematic components to implement was SSH authentication. Getting a workable but unscalable solution was easy by just writing "forced command" entries to the ~/.ssh/authorized_keys file, but getting a scalable solution seemed to require hacking OpenSSHd to check public keys against a database (this is what github does, and requires patching and recompiling OpenSSHd). How is Flynn doing key lookup for the push-to-deploy?
For those that does not remember/know what Flynn is: Flynn aims to enable you to run your own mini-Heroku with a lot less hassle than current solutions. It builds upon the excellent work of DotClouds Docker.
[+] [-] SiliconAlley|12 years ago|reply
[+] [-] Titanous|12 years ago|reply
1) Change authorized_keys after each user modification.
2) Use OpenSSH with a custom PAM module or patch that does database lookups.
3) Use an SSH library to implement a custom server that only handles git pushes and does database lookups.
We have not decided which method to use yet.
[+] [-] asabjorn|12 years ago|reply
[+] [-] Titanous|12 years ago|reply
[+] [-] glockular|12 years ago|reply
[deleted]