
Re: distributing SSH keys in a cluster environment



On Fri, 29 Oct 2004 22:38:34 +0200, martin wrote in message 
<20041029203834.GI22871@cirrus.madduck.net>:

> also sprach Arnt Karlsen <arnt@c2i.net> [2004.10.29.2054 +0200]:
> > ..have each node scp those keys and whatever else you want from 
> > the boot server, say from each node's /etc/rc.local.  _Combine_ some
> > node hardware based ID schemes, say nics mac addresses, cpuid, etc.
> 
> How do you suggest to combine a hardware based ID scheme with SSH?
> Also, which hardware ID should be used, so that it's not forgeable?

..that depends on your hardware, NIC MAC addresses can be forged, cpuid
can be forged etc.  Now, list all your nodes' hw info, and see if you can
poll s.m.a.r.t'ly for disk partition uids or even md5sums off swap files
or swap disks across boots, and you still wind up having to trust your
nodes at some stage.  Get creative!  ;-)


-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.
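
Added example, not part of the original message or thread: one way to combine several hardware identifiers into a single per-node fingerprint and check it against an enrolment list on the boot server. Because every input can be forged, as the reply says, the result identifies a node but does not authenticate it. The function names, the `/dev/disk/by-uuid` and `/proc/cpuinfo` sources (a stand-in for cpuid) and the inventory format are assumptions.

```shell
#!/bin/sh
# Added example: composite hardware fingerprint for a cluster node.
# Assumes Linux sysfs/procfs layout and coreutils sha256sum.
# Usage on a node: hw_fingerprint        (reads the live system)
# The optional argument is a root prefix, so a constructed tree can be used.

# Print one "kind=value" line per hardware attribute, sorted for stable order.
hw_attributes() {
    root="${1:-}"
    {
        # NIC MAC addresses, skipping the loopback interface
        for f in "$root"/sys/class/net/*/address; do
            [ -r "$f" ] || continue
            case "$f" in */lo/address) continue ;; esac
            printf 'mac=%s\n' "$(cat "$f")"
        done
        # CPU model strings (assumed stand-in for a cpuid reading)
        if [ -r "$root/proc/cpuinfo" ]; then
            sed -n 's/^model name[[:space:]]*:[[:space:]]*/cpu=/p' "$root/proc/cpuinfo"
        fi
        # Partition UUIDs as exposed under /dev/disk/by-uuid
        for l in "$root"/dev/disk/by-uuid/*; do
            [ -e "$l" ] || [ -L "$l" ] || continue
            printf 'uuid=%s\n' "${l##*/}"
        done
    } | LC_ALL=C sort -u
}

# Hash the whole attribute list, so changing any one input changes the result.
hw_fingerprint() {
    hw_attributes "${1:-}" | sha256sum | cut -d' ' -f1
}

# Boot-server side: inventory holds one "nodename fingerprint" pair per line.
# Returns 0 only on an exact whole-line match.
node_is_enrolled() {
    node="$1"; fp="$2"; inventory="$3"
    grep -qxF "$node $fp" "$inventory"
}
```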



