[nycbug-talk] openssh in clustered environment

Marc Spitzer mspitzer
Mon Dec 12 16:09:58 EST 2005


On 12/12/05, pete wright <nomadlogic at gmail.com> wrote:
> Hey All,
> any links/hacks and tricks for distributing openssh keys in a large
> desktop and cluster unix environment.  ideally i'd like to have keys
> distributed to servers at buildtime.  catch is that most builds are
> automated so being prompted for passwords during the initial setup can
> not happen.  I've started kicking around using hostbased auth, but
> this is less secure and does not save any work when I can just script
> creating passwordless keys.  Still, the issue I foresee is having to
> manually distribute the keys for the first time (having to type a
> password at least once to get a host's public key into a server's auth.
> hosts file).
>
> what are you all doing to manage hosts in large mostly automated
> environments (more than 1000 hosts)?

it depends how you build them.  you could do any of the following:

1: scripted cvs/http/ftp download of the needed files
2: cfengine script
3: something else mentioned on this list, I think it started with hf,
and got good reviews
4: other stuff in ports
and others, what would work for you given your existing/planned infrastructure

marc


--
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD
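
Added example, not part of the thread: one way the install step of option 1 (a scripted download at build time) could look once the build has already fetched the public-key list to a local file. The function names, arguments and paths are hypothetical; it assumes plain "type base64 comment" entries and rejects anything else.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and paths are hypothetical.
# Assumes the build already fetched the public-key list to a local file.

# Return 0 only for a plain "type base64 [comment]" public key entry.
# Private key PEM, option-prefixed entries and junk all fail the match.
valid_pubkey_line() {
    printf '%s\n' "$1" | grep -Eq \
        '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'
}

# install_authorized_keys SRC HOME_DIR [OWNER]
# Validates every entry, then replaces authorized_keys in one rename.
install_authorized_keys() {
    src=$1 home=$2 owner=${3:-}
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    tmp=$(mktemp "$home/.ssh/authorized_keys.XXXXXX") || return 1
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
        if ! valid_pubkey_line "$line"; then
            echo "rejecting $src: malformed entry" >&2
            rm -f "$tmp"; return 1
        fi
        printf '%s\n' "$line" >> "$tmp"
        count=$((count + 1))
    done < "$src"
    if [ "$count" -eq 0 ]; then
        echo "rejecting $src: no keys" >&2
        rm -f "$tmp"; return 1
    fi
    chmod 600 "$tmp" || { rm -f "$tmp"; return 1; }
    # Build scripts usually run as root; hand the files to the account owner.
    if [ -n "$owner" ]; then
        chown "$owner" "$home/.ssh" "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$home/.ssh/authorized_keys"
}
```

The modes are set explicitly because sshd with StrictModes enabled refuses key files whose permissions or ownership are too loose, a failure that is easy to miss in an unattended build.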



