On Fri, Sep 18, 2009 at 10:29:54AM -0400, bofh wrote: > Hi, > Just wanted to see how you guys manage authorized_keys. I'm trying to > move everyone off "legacy" protocols onto openssh, and one of my > proposals will involve using authorized keys for scripts/automated > processes. > > There's 400+ unix boxes. I know we can stick keys into > authorized_keys, but managing it for a bunch of automated processes > seems a bit unwieldy. Is there any way of pointing to an external > source, say, ldap?
Not an external source, but we use puppet to manage the authorized keys file amongst our servers and vms at work. If you need to add or remove a key, just make the change on the master and let the magic flow. > > Thanks for any pointers! > > -- > http://www.glumbert.com/media/shift > http://www.youtube.com/watch?v=tGvHNNOLnCk > "This officer's men seem to follow him merely out of idle curiosity." > -- Sandhurst officer cadet evaluation. > "Securing an environment of Windows platforms from abuse - external or > internal - is akin to trying to install sprinklers in a fireworks > factory where smoking on the job is permitted." -- Gene Spafford > learn french: http://www.youtube.com/watch?v=30v_g83VHK4
