help-cfengine
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Administering a thousand hosts

From: Mark Burgess
Subject: Re: Administering a thousand hosts
Date: Thu, 18 Nov 2004 15:36:27 +0100
User-agent: Mutt/1.4.2i 
You should read carefully the documentation of copy on the webite.
Using ssh to distirbute keys offers no improvement to security.
M


On Wed, Nov 17, 2004 at 09:52:02AM +1100, Tim Nelson wrote:
> On Tue, 16 Nov 2004, Dar?o Mariani wrote:
> 
> >Thanks for the answer.
> >How did you handle the distribution of cfengine public keys? When I
> >run cfrun there is a key interchange that it asks me to accept.
> 
>       There are a variety of ways of doing this.  I personally have a 
> script that:
> 1.    Sets cfservd to trust that IP irrespective of key
> 2.    Uses ssh to trigger the first cfengine run (which will do the key
>       exchange)
> 3.    Sets cfservd to not trust the IP
> 
>       I hope this answers the question.
> 
>       Incidentally, cfengine works in something you could call 
> master/slave config, so if you grow, you can do that kind of thing too.
> 
>       :)
> 
> -- 
> Tim Nelson
> Server Administrator
> WebAlive Technologies Global
> Level 1 Innovation Building, Digital Harbour
> 1010 LaTrobe Street
> Docklands, Melbourne, 
> Vic, 3008
> Phone: +61 3 9934 0812
> Fax: +61 3 9934 0899
> E-mail: tim.nelson@webalive.biz
> http://www.webalive.biz/

> _______________________________________________
> Help-cfengine mailing list
> Help-cfengine@gnu.org
> http://lists.gnu.org/mailman/listinfo/help-cfengine


-- 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Work: +47 22453272            Email:  Mark.Burgess@iu.hio.no
Fax : +47 22453205            WWW  :  http://www.iu.hio.no/~mark
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
reply via email to
[Prev in Thread] Current Thread [Next in Thread]