Joachim Schipper wrote:
>> There's 400+ unix boxes.  I know we can stick keys into
>> authorized_keys, but managing it for a bunch of automated processes
>> seems a bit unwieldy.  
> Have you considered Kerberos? You'll still have to add accounts (or use
> LDAP, indeed), but at least you don't have to copy the keys everywhere.
> 

With some patches, you can use the krb5 host-keys instead of the
ssh-host-keys.

Then again, any site with 400+ boxes should really have most of them on
an "automated install" procedure anyhow, so sending out authorized_keys
using that should be a high priority.
