help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: key exchange doc

From: Mark . Burgess
Subject: Re: key exchange doc
Date: Fri, 20 Sep 2002 23:59:47 +0200 (MET DST) 
> To my knowledge, there isn't one.  The general way I do it is to manually
> do it with scp:
> 
>     cfkey
>     export PPKEYS=/var/cfengine/ppkeys
>     scp there:$PPKEYS/localhost.pub $PPKEYS/root-99.99.99.99.pub
>     scp $PPKEYS/localhost.pub there:$PPKEYS/root-11.11.11.11.pub
> 
> You don't have to use PPKEYS, but it shortens lines in the example :-)
> This assumes that there is 99.99.99.99 and here is 11.11.11.11 ...


There is absolutely no sense in doing this. Cfengine exchanges
the keys much more easily.

 
> You could use TrustKeysFrom to do this but I haven't tried it -
> automatically trusting an unknown host scares me...


Then why do you trust the secure shell? It cannot do any more
than cfengine can. You also have to blindly trust ssh
before the keys are exchanged.

Don't kid yourself -- there's no such thing as a free lunch.

Mark

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
reply via email to
[Prev in Thread] Current Thread [Next in Thread]