[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: distributing SSH keys in a cluster environment



also sprach Craig Sanders <cas@taz.net.au> [2004.10.30.0015 +0200]:
> 3. when a machine is being built or rebuilt, install the correct
> ssh keys in /etc/ssh.  they can be fetched via password-protected
> http or https or ftp or even tftp, then decrypted and untarred.
> since they're encrypted you don't have to be completely paranoid
> about them - normal security precautions are adequate. 

well, the decryption requires a password, so the installation is not
unattended anymore. since we have a number of headless number
crunchers in the cluster, this is essential.

i am beginning to believe that i am looking for a solution where non
exists...

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <madduck@debian.org>
: :'  :    proud Debian developer, admin, user, and author
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
Invalid/expired PGP subkeys? Use subkeys.pgp.net as keyserver!

Attachment: signature.asc
Description: Digital signature


Reply to: