[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cfkey help
Re: cfkey help
Sun, 1 Dec 2002 14:37:07 -0800
On Sun, Dec 01, 2002 at 09:31:20PM +0100, address@hidden wrote:
> On 1 Dec, Nate Campi wrote:
> I am sorry, but you are completely fooled by hype.
You don't know what I know of SSH trust at all, and I find this comment
to be rude.
> > With SSH I have an in-place public-key trust, with cfengine I don't have
> > this. I'm piggybacking cfengine key dist on an established trust
> > mechanism that I have faith in. How is this bad?
> Your ssh system might be in place now -- but how did it get there?
> You had to play the trust game to begin with. Are you sure it is
> still intact? Are you sure there were no races when you were setting
> it up. These are all things that can go wrong with SSH that the SSH
> folks don't talk about. Cfengine uses essentially the same trust
> mechanism that SSH does -- neither one is better than the other.
Nobody said anything about "better" - in fact I compared the two trust
mechanisms in my first message because they are essentially the same.
Of course I initially had to deal with SSH host key issues. Who says I
ever trusted keys from manually connecting? Did you assume that? Why? I
have a SSH known_hosts file that I trust - that's all that matters. I'm
the one who will have to deal with the consequences if my trust model
Now I want to use (rsync over) SSH to dist the cfengine software and
pre-generated keys and you seem to think that I'm placing trust in the
wrong place. Ok then, how do you do it? Carry a CDROM to all your
machines and install cfengine that way?
> > Oh well, the method I'm using works fine - I'll keep using it. I get
> > around any forward/reverse DNS issues with automatic key trusts this way
> > as well (though I only had trouble with that on my test network,
> > production DNS *should* match ;).
> Cfengine makes all of these trust issues "in your face" rather than
> "under the rug". BY all means use the SSH mechanism, but it will just
> be more work for you, and no better security.
More work? I have to push the cfengine software out somehow, and when I
do I dist out a key as well. No extra work. This is much less work
because I don't have to worry about the keys trust issues and go back
and troubleshoot why some hosts aren't authenticating with the server. I
have keys on both ends from the get-go. KISS is the sysadmin motto, and
this method actually helps keep things simpler.
I think this all boils down to you (Mark) misinterpreting my initial
message as saying SSH is more trustworthy than cfengine. I said no such
thing and I think no such thing. I simply have a SSH infrastructure in
place that I trust, no more no less.
P.S. I've spent a huge amount of time dealing with SSH issues at my
site, far more than most sites, I'm sure. The O'Reilly SSH book
completely changed the way I approach SSH and administration of UNIX
machines. I recommend it.
Nate Campi http://www.campin.net
"I'd love to change the world, but they won't give me the source code!"
Description: PGP signature