Re: cfkey help

[Nate Campi]

On Sun, Dec 01, 2002 at 10:11:29AM +0100, Mark.Burgess@iu.hio.no wrote:
> On 30 Nov, Nate Campi wrote:
> > I don't like accepting cfengine keys on trust any more than I like
> > accepting ssh host keys on trust - I'll do it if I have to but not if I
> > can avoid it.
> > 
> > I've been able to avoid having to trust cfengine keys by generating the
> > keys on a central host and disting it to the client and servers via SSH
> > priv key authentication. The only problem is that my script has to move
> > the host's real key out of place while the client's key is being
> > generated. I wish I could tell cfkey to generate a different filename.
> 
> Nate, this could be added to cfkey I suppose, but I would recommend
> a different strategy. Make sure that you understand what the trust
> issue is really about. Cfengine is more paranoid than ssh on this,
> but using ssh to distrbute cfengine keys sounds a bit like using
> a Jeep instead of a van because you don't like cars.

I don't think this is true at all. I have strong authentication and
integrity using my SSH distribution method. This is like using an
armored car instead of carrying large wads of cash while walking alone
on the street.

Wish SSH I have an in-place public-key trust, with cfengine I don't have
this. I'm piggybacking cfengine key dist on an established trust
mechanism that I have faith in. How is this bad?

Oh well, the method I'm using works fine - I'll keep using it. I get
around any forward/reverse DNS issues with automatic key trusts this way
as well (though I only had trouble with that on my test network,
production DNS *should* match ;).
-- 
Nate Campi   http://www.campin.net 

"A computer will do what you tell it to do, but that may be much
different from what you had in mind." - JOSEPH WEIZENBAUM, quoted in
Time

pgpXfoVKJshkG.pgp
Description: PGP signature