Emergency Stop

A good example of why you might need to stop all admin activity on the server is a rogue employee. In that scenario, log in to root on your server and move and/or recreate two files:

• /home/admin/.ssh/authorized_keys
• /usr/local/bin/blueskyadmin.key

The first kills all admin access to the server and thus to the connected clients. The latter prevents reinstall using Admin Setup.

When an employee gives notice (or is about to be fired), you know the termination date, and you want to revoke access: edit the authorized_keys file mentioned above. Remove the line(s) with their keys that were uploaded from BlueSky Admin. If unsure which line(s) are theirs you can move/delete the file and re-register your computer(s) by running Admin Setup on them.

Optionally you can (should) also roll the blueskyadmin keys. You can do this on the server by running:

/usr/local/bin/BlueSky/Server/client-config.sh --admin

This will require updating the blueskyadmin.pub file in the Admin Setup applet as it will render existing copies useless (in case your rogue employee has copies). Your existing admin keys continue to work so no need to re-register your computers.

In both scenarios, client computers remain connected and unaffected. If you want to generate new keys for a new client installer too (bearing in mind it is low risk for a rogue employee to have that - it doesn’t get them anywhere) you can regenerate the client keys and build a new installer with it.