Active
Project:
SSH Key
Version:
4.x-dev
Component:
Code
Priority:
Major
Category:
Feature request
Assigned:
Unassigned
Reporter:
Created:
7 Jun 2013 at 19:30 UTC
Updated:
18 Mar 2026 at 22:25 UTC
Jump to comment: Most recent
Since keys are important it could be useful to have secondary storage (i.e. email, log files) of the fingerprints and actions taken on keys.
Todo:
* Email the account owner whenever a key is changed (deleted, added, edited) including fingerprint before/after the change and instructions on how to check the fingerprint of a public/private key
Done:
* Log the same (delete/add/edit) operations in watchdog and maybe in other locations? #2166053: Add watchdog messages when SSH keys are added or changed #2166055: Track sshkey changes
Comments
Comment #1
drummComment #2
dave reidI don't think we should add any kind of periodically confirmation email. That could also be split into a separate module if someone wanted that functionality.
I agree being able to configure an e-mail whenever an SSH key is added/changed/removed. I'm seeing that now more with sites. I think adding a hook_action_info() implementation (or whatever the equivalent is for Rules module) so that the emails could be configured on a site by site bases. Maybe a provided sub-feature module to provide this email support.
And +100 for adding watchdog logging. I should also add support in the role_activity module for sshkey.module.
Comment #3
drummWhile I see the advantages, I'm not eager to consider adding Rules to Drupal.org. Rules with Commerce on DrupalCon sites caused sites outages related to a rules cache locking/contention. It was mitigated by moving from the core DB cache to MemCache. We already have MemCache on Drupal.org, and now all new DrupalCon sites.
Comment #4
dave reidAdding some SSH key email templates that I've encountered before:
[GitHub] A new public key was added to your account
[Bitbucket] SSH key added to your account
Comment #5
dave reidI never said Rules was necessary. We should be able to set it up with just Action and Trigger modules.
Comment #6
gregglesCan you explain more on this:
The goal is to discover a situation where the key has been changed outside of the normal form editing process. There are other ways we could do that, but I think this is the easiest way.
Comment #7
dave reidBecause regular 'reminder' emails like that are typically ignore and not very functional? I've not ever seen something like that done so I'm not convinced it would actually be useful? And I think it should be provided as a separate module (let alone a separate feature request since this is three requests all in one).
Comment #8
drummGreat. We don't have Trigger enabled on Drupal.org right now. As long as it is the right tool for the job, and it seems it is, we can test and enable it when we upgrade SSH Key.
Comment #9
dave reidFiled #2166053: Add watchdog messages when SSH keys are added or changed in sshkey and #2166055: Track sshkey changes in role_activity
Comment #10
gregglesAwesome, thanks for the work mentioned in #9. Updating the title to reflect what remains here.
Comment #11
tvn commentedComment #12
drummComment #13
colanSounds reasonable to me, but new features go into HEAD.
Comment #14
drummDrupal.org no longer uses this module, in favor of GitLab managing SSH keys, which does have these notifications.
Still a good feature request for this module.