Re: CFEngine and Road Warriors with dynamic IPs

From: Jason Edgecombe
Subject: Re: CFEngine and Road Warriors with dynamic IPs
Date: Tue, 03 Jan 2006 19:37:59 -0500
User-agent: Mozilla Thunderbird 1.0.6 (Macintosh/20050716)

Andreas Küchler wrote:


I'm just experimenting with cfengine. In my situation I have a central
server with fixed IP address and many machines with changing IP
addresses (DSL Road Warriors).

My current implementation relies on SSH Key trust where the clients hold
the public key of the server and thus allow him to make changes (true
this is a push method and you'll say that pulling is better, but hey
this is obviously just the reason I'm looking for cfengine as
replacement solution ;-))

I've tried to set up a central cfengine server and establish a trust to
a client. As long as the client keeps its IP address all goes well. But
this ideal situation only lasts 24 hours until the German ISP kills its
connection and assigns a new IP.

Using HostnameKeys = ( on ) is also no solution because cfengine uses
the DNS name via reverse lookup for the host - which obviously is not
the name of the client but the dummy name the ISP has configured for the
RoadWarrior IP the client just bought.

Is there any way to use the ssh keys one can generate with ssh-keygen
instead of the automated approach cfengine tries? Has anyone a solution
for my problem? Am I missing some obvious point?

I forgot to mention a 4th option.

4. Give all road warriors the same crypto key. It would be a "shared secret" for all of the road warriors.

