Trust Manager
A complete audit log of every SSH key Schooner has installed on your servers — with one-click revocation for any entry.
What is a trust relationship?
When you initiate a server-to-server transfer using the permanent trust mode, Schooner generates an ed25519 keypair and installs the public key in the destination server's authorized_keys file. This "trust relationship" lets server A authenticate to server B directly on future transfers.
Every installed key is labelled with a structured comment so it's always clear who put it there:
ssh-ed25519 AAAA... Schooner:server-a→server-b(2026-05-01)
Opening Trust Manager
Click the ⛵ menubar icon → Trust Manager.
Reading the trust list
Each row shows:
- Source — the server that uses this key to authenticate
- Destination — the server where the public key is installed
- Created — when the key was installed
- Last used — the most recent transfer that used this key
- Type — Permanent or Temporary (temporary keys are removed automatically after use)
- Status — Active or Revoked
Revoking a trust relationship
Select a row and click Revoke. Schooner will:
- Connect to the destination server.
- Remove the matching line from ~/.ssh/authorized_keys on that server.
- Mark the entry as Revoked in the local trust database.
- Delete the private key from the source server (if it's a Schooner-managed key).
Revocation requires access: Schooner connects to the destination server to remove the key. If the destination server is unreachable, you'll need to remove the key manually by editing authorized_keys on that server.
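For the manual case above, this added example (not Schooner's own code) lists the Schooner-labelled lines in an authorized_keys file and returns the content with one source→destination pair removed. It assumes the label format generalizes from the single sample line on this page; the sample keys, the 203.0.113.10 address and the option values are constructed.

```python
import re

# Label shape inferred from the one sample line on this page (assumption).
LABEL = re.compile(r"Schooner:(?P<src>[^→]+)→(?P<dst>.+)\((?P<date>\d{4}-\d{2}-\d{2})\)$")
KEY_TYPE = re.compile(r"ssh-|ecdsa-|sk-")
# A field is a run of non-space characters; quoted option values may hold spaces.
FIELD = re.compile(r'(?:"(?:\\.|[^"\\])*"|\S)+')

SAMPLE = """\
# constructed sample: keys, hosts and options are illustrative only
ssh-ed25519 AAAAC3constructedA alice@laptop
ssh-ed25519 AAAAC3constructedB Schooner:server-a→server-b(2026-05-01)
from="203.0.113.10",command="internal-sftp" ssh-ed25519 AAAAC3constructedC Schooner:server-c→server-b(2026-05-02)
ssh-rsa AAAAB3constructedD note: not Schooner:server-a→server-b
"""

def parse_entry(line):
    """Return (options, key_type, comment), or None for blank/comment/unparsable lines."""
    if not line.strip() or line.lstrip().startswith("#"):
        return None
    f = FIELD.findall(line)
    i = 0 if KEY_TYPE.match(f[0]) else 1  # an options list may precede the key type
    if len(f) < i + 2 or not KEY_TYPE.match(f[i]):
        return None
    return (f[0] if i else "", f[i], " ".join(f[i + 2:]))

def schooner_entries(text):
    """List every fully labelled Schooner key with its line number and options."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        m = LABEL.search(entry[2]) if entry else None
        if m:
            out.append({"line": n, "options": entry[0], **m.groupdict()})
    return out

def revoke(text, src, dst):
    """Return the file content with the src→dst Schooner key line(s) removed."""
    drop = {e["line"] for e in schooner_entries(text) if (e["src"], e["dst"]) == (src, dst)}
    return "".join(l for n, l in enumerate(text.splitlines(True), 1) if n not in drop)
```

Matching on the parsed comment field rather than a substring keeps unrelated keys that merely mention a Schooner name, such as the last sample line, in place.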
Security model
Schooner-generated keys are scoped as narrowly as possible:
- Temporary keys — restricted to SFTP commands and the source server's IP address via authorized_keys options. Automatically cleaned up after the transfer.
- Permanent keys — standard public key authentication. The Trust Manager is the escape valve for removing them when no longer needed.
All trust entries are stored in schooner.sqlite and never leave your machine.