[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: How to copy files from a Client back to the server
|
From: |
Thomas Glanzmann |
|
Subject: |
Re: How to copy files from a Client back to the server |
|
Date: |
Thu, 29 May 2003 01:55:19 +0200 |
|
User-agent: |
Mutt/1.5.4i |
> manually without help of cfengine. From then on, before installing a
> new host, we first generate the ssh host key pairs on the cfengine
> server and then have the client copy those keys securely from the
> server using cfengine. This prevents the ssh host keys from being lost
> when the machine is reinstalled and the we can easily generate the
> site-wide ssh_known_hosts file on the server and then distribute it to
> other places using cfengine.
We're using different mechanisms:
On Client reinstall. The old hostkeys are preserved from the old
partition.
If no hostkey could be recovered a new one is regenerated.
Every hour runs a script on our site and informs us of
workstations with changed ssh keys. (using ssh-keyscan)
If we reisntall a workstation we manually trigger a script unter
supervision to collect the changed key from the workstation and
include it into ssh_known_hosts.
I think it is *bad* practice to collect all private keys on one machine.
But on the other side ... if this one machine is compromised you have
other problems then you're ssh keys. :-)
Thomas