

What's next for Flynn - danielsiders
https://flynn.io/blog/whats-next-for-flynn

======
asabjorn
For those that does not remember/know what Flynn is: Flynn aims to enable you
to run your own mini-Heroku with a lot less hassle than current solutions. It
builds upon the excellent work of DotClouds Docker.

~~~
Titanous
Context:
[https://news.ycombinator.com/item?id=6058662](https://news.ycombinator.com/item?id=6058662)

------
SiliconAlley
I promised I would ask this next time there was a Flynn post. Having tried to
hack a PaaS like this with git "push-to-deploy" functionality, one of the most
problematic components to implement was SSH authentication. Getting a workable
but unscalable solution was easy by just writing "forced command" entries to
the ~/.ssh/authorized_keys file, but getting a scalable solution seemed to
require hacking OpenSSHd to check public keys against a database (this is what
github does, and requires patching and recompiling OpenSSHd). How is Flynn
doing key lookup for the push-to-deploy?

~~~
Titanous
There are three options:

1) Change authorized_keys after each user modification.

2) Use OpenSSH with a custom PAM module or patch that does database lookups.

3) Use an SSH library to implement a custom server that only handles git
pushes and does database lookups.

We have not decided which method to use yet.

~~~
gklein
You have some other options to solve that: \- SSH Key management with SKM \-
SSH Key DB \- Openssh LPK (SSH Patch that supports LDAP) \- Openssh Ldap
Publickey

I believe that Openssh Ldap Publickey is one of the best options cause it does
not require any patches or file syncing and it keeps the public keys in a
central LDAP server.

1\. [https://sites.google.com/site/jeromeboismartel/code-s-
corner...](https://sites.google.com/site/jeromeboismartel/code-s-corner/ssh-
key-management-with-skimp) 2\. [https://code.google.com/p/ssh-
keydb/](https://code.google.com/p/ssh-keydb/) 3\.
[https://code.google.com/p/openssh-lpk/](https://code.google.com/p/openssh-
lpk/) 4\. [https://github.com/AndriiGrytsenko/openssh-ldap-
publickey](https://github.com/AndriiGrytsenko/openssh-ldap-publickey)

