help-cfengine
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Automating distribution of authorized_keys


From: Armin Wolfermann
Subject: Re: Automating distribution of authorized_keys
Date: Wed, 18 May 2005 13:49:45 +0200
User-agent: Mutt/1.5.9i

* Luke Youngblood <address@hidden> [18.05.2005 07:19]:
> 1.    Has anyone implemented an authorized_keys distribution system that
> uses editfiles rather than copy?

I'm using something like:

        { /root/.ssh/authorized_keys
        AutoCreate
        Backup "off"
        DeleteLinesStarting "ssh-rsa AAAA..... revoked"
        AppendIfNoSuchLine "ssh-rsa AAAA..... admin"
        }

> 2.    Do you think it would be possible to build an authorized_keys file
> on the fly if you had each sysadmin's public key as a line in an editfiles
> statement?

See above.

> 3.    Taking this even further, could a sysadmin's public key
> automatically be copied from their home directory and updated on the master
> cfengine repository to be included in an editfiles statement.  (This last
> action would allow anyone to regenerate their ssh key using ssh-keygen and
> have cfengine automatically update all authorized_keys files on all servers
> they have access to)

A little perl on the repository server could do this, but I don't see
that much changes on admin keys.

Regards,
Armin Wolfermann




reply via email to

[Prev in Thread] Current Thread [Next in Thread]