> maybe have a look at cfengine?
> or apt-cache search / freshmeat / google for other options

I was down this road just a few months ago. cfengine is nice except that the author doesn't believe that 'administrative information' is something that should be protected and thus has no plans to move from rsh to an SSH tunnel or SSL. Imagine syncing /etc/shadow or some other information that should be kept secret over RSH. Yuck.

Beyond cfengine, there are a couple of tools out there although I never really grew to like any of them. There is one called PiKT and another called Palantir. Palantir is sorta like SourceForge in that it has a lot of hard-coded stuff that makes it very difficult to get working in an environment other than the one it is developed in. The PiKT author gave a presentation at LISA 2000 and seems to be actively hacking on the project. I never really liked his custom scripting language though so...

I ended up taking much the same approach that you offer except that my private keys are kept offsite and behind a very tight firewall. Whenever a change needs to be made I have to write a script and put it in a globally accessible NFS share. I then use the machine behind the firewall to iterate through the address space of the target machines using ssh-agent and with a command line something like:

    $ ssh -l root '<path to update script>'

It works but is very kludgey.

There is a commercial software package called NetShell that will do a lot of the remote admin kind of tasks but I have not had a chance to purchase a copy and try it out. Regardless, it is non-free. I am mostly interested in NetShell as another data point regarding how these kinds of problems can be solved.

--
---
Nathan Valentine - nathan@uky.edu
University of Kentucky Lab for Advanced Networking
Jabber: NRVesKY AIM: NRVesKY ICQ: 39023424