We've been pushing ssh public keys with Ansible, but this is becoming 
cumbersome:

- it takes a significant amount of time to do so, and this grows as the list of keys grows (O(n) type of thing)
- keys only get pushed when somebody does a push, which means that it becomes somebody's job, and we still easily miss new/temporary servers

We looked at LDAP with sshd AuthorizedKeysCommand, but besides the pain of having to extend an LDAP schema, it means maintaining our own LDAP server, make that two to be redundant, etc. The sort of thing we were trying to avoid by going to a cloud infrastructure.

Played with sshd AuthorizedKeysCommand and S3, pulling the keys via http, but that has its own set of safety issues, although mitigated by the fact that our AWS instances use Amazon DNS servers....

What have you found that works well?

Thanks.

--
Yves.
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
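One way to harden the AuthorizedKeysCommand-over-HTTP approach the post mentions, as an added example that is not from the post or the list: a hypothetical wrapper script (path, key-store URL and CA bundle are assumed) that fetches over HTTPS only, trusts a pinned private CA, validates the username before using it in the URL path, and keeps only bare public-key lines so the key store can never inject authorized_keys options such as forced commands.

```shell
#!/bin/sh
# Hypothetical AuthorizedKeysCommand wrapper (added example, not from the post).
# Assumed sshd_config lines:
#   AuthorizedKeysCommand /usr/local/sbin/fetch-authorized-keys %u
#   AuthorizedKeysCommandUser nobody
# sshd requires this file to be owned by root and not group/world writable.
set -eu

# Assumed key store: one file per username served over HTTPS.
KEY_BASE_URL="${KEY_BASE_URL:-https://keys.example.internal/users}"
CA_BUNDLE="${CA_BUNDLE:-/etc/ssl/private-ca.pem}"   # pin to a private CA, not the system store

# Keep only well-formed, option-free public key lines. Anything else a tampered or
# mis-served response could contain (comments, option prefixes, error pages) is dropped.
validate_keys() {
    grep -E '^(ssh-ed25519|ecdsa-sha2-nistp(256|384|521)|ssh-rsa|sk-ssh-ed25519@openssh\.com) [A-Za-z0-9+/]+=*( .+)?$' \
    | awk 'length($0) < 4096' \
    | sort -u
}

# Reject usernames that could alter the request path (e.g. "../").
valid_user() {
    printf '%s' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}

fetch_keys() {
    user="$1"
    valid_user "$user" || return 1
    # --proto '=https': never accept a downgrade or redirect to plain http.
    # --cacert: trust only the private CA.  --fail: a 404/500 yields no keys,
    # not an HTML error page handed to sshd as if it were key material.
    curl --proto '=https' --tlsv1.2 --cacert "$CA_BUNDLE" --fail --silent --show-error \
         --max-time 5 "$KEY_BASE_URL/$user.pub" | validate_keys
}

# Only run when sshd invokes the script with a username argument.
if [ "${1:-}" != "" ]; then
    fetch_keys "$1"
fi
```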
