[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Many-to-one copy
|
From: |
Wil Cooley |
|
Subject: |
Re: Many-to-one copy |
|
Date: |
Thu, 21 Apr 2005 12:07:19 -0700 |
On Thu, 2005-04-21 at 18:36 +0200, Alexander Jolk wrote:
> Hi,
>
> I'm copying my SSH host keys from all client machines to the server, in
> order to generate a global known_hosts file on the server and
> redistribute it to everybody. This worked quite nicely so far, but now
> I'm running into heavy scaling problems---there's almost always one
> machine blocking the server, which means the server has many cfagent
> processes running, and connections get refused.
>
> Does anybody have an idea how to better organize things? I had already
> used `ifelapsed=1440' in order to try to contact every client machine
> only once a day, but cfengine would establish the connection anyway.
You might instead use the 'ssh-keyscan' program that comes with OpenSSH
to collect the keys. I keep a file with a list of hosts and their
aliases and re-run the keyscan whenever I add new hosts; I then
distribute the output (which is in ssh_known_hosts format) directly from
my cfengine server. It would get more tricky if I had hosts that
weren't directly accessible (actually I do, but I haven't bothered too
much with them).
Wil
--
Wil Cooley wcooley@nakedape.cc
Naked Ape Consulting http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
signature.asc
Description: This is a digitally signed message part