2009/9/18 bofh <goodb...@gmail.com>:
> There's 400+ unix boxes. I know we can stick keys into
> authorized_keys, but managing it for a bunch of automated processes
> seems a bit unwieldy. Is there any way of pointing to an external
> source, say, ldap?

From ssh(1):

     If the fingerprint is unknown, an alternative method of
     verification is available: SSH fingerprints verified by DNS.
     An additional resource record (RR), SSHFP, is added to a
     zonefile and the connecting client is able to match the
     fingerprint with that of the key presented.

Best
Martin
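
The SSHFP matching described in the ssh(1) excerpt above, as an added example that is not part of the original thread: it derives the SSHFP record data from a host public key line and checks a presented key against the published set. The two keys and the name host.example.org are constructed sample values, and the function names are hypothetical.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
ALGORITHMS.update({f"ecdsa-sha2-nistp{n}": 3 for n in (256, 384, 521)})
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}


def sshfp_records(pubkey_line):
    """Return (algorithm, fp_type, hex_digest) tuples for one public key line."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob starts with a length-prefixed copy of the key type; reject mismatches.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    if key_type not in ALGORITHMS:
        raise ValueError(f"no SSHFP algorithm number for {key_type}")
    # The fingerprint is a digest of the whole public key blob.
    return [(ALGORITHMS[key_type], fp, h(blob).hexdigest()) for fp, h in DIGESTS.items()]


def zone_lines(hostname, pubkey_line):
    """Format the records as zone file lines for the given host name."""
    return [f"{hostname}. IN SSHFP {a} {t} {d}" for a, t, d in sshfp_records(pubkey_line)]


def key_matches_dns(presented_line, published):
    """Client-side check: does the presented key match any published SSHFP RR?"""
    return any(rec in published for rec in sshfp_records(presented_line))


def _constructed_ed25519_line(raw32, comment):
    # Constructed sample key: wire format is string "ssh-ed25519" + string key bytes.
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


HOST_KEY = _constructed_ed25519_line(bytes(range(32)), "host.example.org")
OTHER_KEY = _constructed_ed25519_line(bytes(32), "other-key")

if __name__ == "__main__":
    published = sshfp_records(HOST_KEY)  # what the zone would carry
    print("\n".join(zone_lines("host.example.org", HOST_KEY)))
    print(key_matches_dns(HOST_KEY, published), key_matches_dns(OTHER_KEY, published))
```

OpenSSH performs this lookup itself when VerifyHostKeyDNS is enabled, and ssh-keygen -r prints the records for a real host key. The match is only as trustworthy as the DNS answer, so the zone should be DNSSEC-signed and validated.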