On Fri, Sep 18, 2009 at 12:53 PM, Lars Nooden <lars.cura...@gmail.com> wrote:
> bofh wrote:
>> Hi,
>> Just wanted to see how you guys manage authorized_keys. I'm trying to
>> move everyone off "legacy" protocols onto openssh, and one of my
>> proposals will involve using authorized keys for scripts/automated
>> processes.
>>
>> There's 400+ unix boxes. I know we can stick keys into
>> authorized_keys, but managing it for a bunch of automated processes
>> seems a bit unwieldy. Is there any way of pointing to an external
>> source, say, ldap?
>
> A long time ago, for a much smaller number of machines and only two or
> three, I used rsync + authorized_keys.
> How many keys are you talking about?

That's one problem, I have no idea. I do know that we have some automated processes for grabbing performance data. I'm thinking probably between 20 and 50 keys. It really depends on a couple of other factors as well - do I want to pull ftp type access in to this little project? If so, that definitely increases things quite a bit.

Hmm... can things be locked down so that scp access won't provide shell access? This would be whatever version of openssh IBM put on AIX.

Gah, now have to go do more research... :)

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity." -- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted." -- Gene Spafford
learn french: http://www.youtube.com/watch?v=30v_g83VHK4