2009/9/18 bofh <goodb...@gmail.com>:
> There's 400+ unix boxes.  I know we can stick keys into
> authorized_keys, but managing it for a bunch of automated processes
> seems a bit unwieldy.  Is there any way of pointing to an external
> source, say, ldap?

From ssh(1):

     If the fingerprint is unknown, an alternative method of verification
     is available: SSH fingerprints verified by DNS.  An additional
     resource record (RR), SSHFP, is added to a zonefile and the connecting
     client is able to match the fingerprint with that of the key presented.

Best
   Martin
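
The SSHFP mechanism quoted from ssh(1) above, as an added example that is not part of the original message: it derives the zone-file records for a host public key and performs the client-side match against the key presented. The hostname and the Ed25519 key are constructed sample values, and all function names are hypothetical.

```python
import base64
import hashlib
import struct

# SSHFP key algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
KEY_ALGS = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
            "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256
FP_TYPES = {1: hashlib.sha1, 2: hashlib.sha256}


def parse_pubkey(line):
    """Return (SSHFP algorithm number, raw key blob) for an OpenSSH public key line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] not in KEY_ALGS:
        raise ValueError("unsupported or malformed public key line")
    blob = base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; it must
    # agree with the textual type, or the record would carry the wrong algorithm.
    name = fields[0].encode()
    if not blob.startswith(struct.pack(">I", len(name)) + name):
        raise ValueError("key type does not match key blob")
    return KEY_ALGS[fields[0]], blob


def sshfp_records(hostname, line):
    """Zone-file lines to publish for this host key (one per fingerprint type)."""
    alg, blob = parse_pubkey(line)
    return [f"{hostname} IN SSHFP {alg} {fp_type} {digest(blob).hexdigest()}"
            for fp_type, digest in FP_TYPES.items()]


def key_matches_rr(line, rr):
    """Client-side check: does the presented key match this SSHFP record?"""
    alg, blob = parse_pubkey(line)
    *_, rr_alg, rr_type, rr_hex = rr.split()
    digest = FP_TYPES.get(int(rr_type))  # unknown fingerprint types never match
    return (digest is not None and int(rr_alg) == alg
            and digest(blob).hexdigest() == rr_hex.lower())


def constructed_ed25519_line(raw32):
    """Build a syntactically valid sample key line from 32 constructed bytes."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed-sample"


SAMPLE_KEY = constructed_ed25519_line(bytes(range(32)))  # constructed, not a real host key
SAMPLE_RECORDS = sshfp_records("host.example.com.", SAMPLE_KEY)
```

OpenSSH prints the same records with `ssh-keygen -r`, and clients consult them when `VerifyHostKeyDNS` is enabled; the match is only as trustworthy as the DNS answer, so the zone should be DNSSEC-signed.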
