On Fri, Sep 18, 2009 at 12:53 PM, Lars Nooden <lars.cura...@gmail.com> wrote:
> bofh wrote:
>> Hi,
>> Just wanted to see how you guys manage authorized_keys.  I'm trying to
>> move everyone off "legacy" protocols onto openssh, and one of my
>> proposals will involve using authorized keys for scripts/automated
>> processes.
>>
>> There's 400+ unix boxes.  I know we can stick keys into
>> authorized_keys, but managing it for a bunch of automated processes
>> seems a bit unwieldy.  Is there any way of pointing to an external
>> source, say, ldap?
>
> A long time ago, for a much smaller number of machines and only two or
> three, I used rsync + authorized_keys.
> How many keys are you talking about?

That's one problem, I have no idea.  I do know that we have some
automated processes for grabbing performance data.  I'm thinking
probably between 20 and 50 keys.  It really depends on a couple of
other factors as well - do I want to pull ftp type access in to this
little project?  If so, that definitely increases things quite a bit.
Hmm... can things be locked down so that scp access won't provide
shell access?  This would be whatever version of openssh IBM put on
AIX.  Gah, now have to go do more research... :)



--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=30v_g83VHK4
