2009/9/18 bofh <goodb...@gmail.com>:
> There's 400+ unix boxes. I know we can stick keys into
> authorized_keys, but managing it for a bunch of automated processes
> seems a bit unwieldy. Is there any way of pointing to an external
> source, say, ldap?
>From ssh(1):
If the fingerprint is unknown, an alternative method of
verification is available: SSH fingerprints ver-
ified by DNS. An additional resource record (RR), SSHFP, is
added to a zonefile and the connecting
client is able to match the fingerprint with that of the key presented.
Best
Martin
