help-cfengine

RE: key exchange doc


From: Lumpkin, Buddy
Subject: RE: key exchange doc
Date: Fri, 20 Sep 2002 15:15:29 -0700

Mark, 

If CFengine does this so easily, could you please put the instructions out there?

I have seen this revisited several times and I can tell you that I eventually 
just wrote a script to do it with scp.

I think we are all very eager to see how to do this with CFengine.

Regards,

--Buddy

-----Original Message-----
From: Mark.Burgess@iu.hio.no [mailto:Mark.Burgess@iu.hio.no]
Sent: Friday, September 20, 2002 3:00 PM
To: david@douthitt.net
Cc: heinlein@cse.ogi.edu; help-cfengine@gnu.org
Subject: Re: key exchange doc



> To my knowledge, there isn't one.  The general way I do it is to manually
> do it with scp:
> 
>     cfkey
>     export PPKEYS=/var/cfengine/ppkeys
>     scp there:$PPKEYS/localhost.pub $PPKEYS/root-99.99.99.99.pub
>     scp $PPKEYS/localhost.pub there:$PPKEYS/root-11.11.11.11.pub
> 
> You don't have to use PPKEYS, but it shortens lines in the example :-)
> This assumes that there is 99.99.99.99 and here is 11.11.11.11 ...


There is absolutely no sense in doing this. Cfengine exchanges
the keys much more easily.

 
> You could use TrustKeysFrom to do this but I haven't tried it -
> automatically trusting an unknown host scares me...


Then why do you trust the secure shell? It cannot do any more
than cfengine can. You also have to blindly trust ssh
before the keys are exchanged.

Don't kid yourself -- there's no such thing as a free lunch.

Mark

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




_______________________________________________
Help-cfengine mailing list
Help-cfengine@gnu.org
http://mail.gnu.org/mailman/listinfo/help-cfengine
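
Added example, not part of the original thread or of cfengine itself: both the scp copy and TrustKeysFrom accept the peer's key on first contact, so this sketch checks a fetched key against a SHA-256 digest confirmed out of band before placing it under the root-<ip>.pub name used in the thread. The function name, its arguments and the use of sha256sum are assumptions for illustration.

```shell
# Added example: install a peer's public key only if its SHA-256 digest
# matches one confirmed out of band (console, phone, signed inventory).
# install_peer_key and its arguments are hypothetical names.
install_peer_key() {
    fetched=$1      # key file already copied from the peer (e.g. via scp)
    peer_ip=$2      # address used in the root-<ip>.pub file name
    expected=$3     # hex SHA-256 digest confirmed out of band
    ppkeys=${4:-/var/cfengine/ppkeys}

    [ -f "$fetched" ] || { echo "no such key file: $fetched" >&2; return 2; }

    actual=$(sha256sum "$fetched" | awk '{print $1}')
    # Normalise case so a digest written in upper case still matches.
    expected=$(printf '%s' "$expected" | tr 'A-F' 'a-f')

    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $peer_ip: got $actual" >&2
        return 1
    fi

    dest="$ppkeys/root-$peer_ip.pub"
    # Refuse to silently replace a different key that is already trusted.
    if [ -f "$dest" ] && ! cmp -s "$fetched" "$dest"; then
        echo "refusing to overwrite existing key $dest" >&2
        return 3
    fi

    cp "$fetched" "$dest"
}
```

Return codes: 0 installed, 1 digest mismatch, 2 missing input file, 3 a different key is already present for that address.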



