[nycbug-talk] openssh in clustered environment

Marc Spitzer mspitzer
Mon Dec 12 16:42:04 EST 2005


On 12/12/05, pete wright <nomadlogic at gmail.com> wrote:
>
> Funny you mention cfengine, as this is partly due to cfengine ;)
> Trying to figure out a way to get the client ppkey's over to the
> master via an install script.  Hmm... I guess I can kick around the
> idea of doing some sort of HTTP/perl/python thingy...

See, all large env build processes are custom.  What OS are you running on here?

One simple way is to put a set of default keys that are only good for
contacting a special server that you download real keys from and
insert the default keys in the build server packages.  And you
consider the keys server key to be short-lived, replaced every 15-30
days.  You do not even need to delete the keys as they will time out
quickly and all new servers get the current set and are immediately
getting the data they need.  You can make this as fancy as you like.

marc
--
"We trained very hard, but it seemed that every time we were beginning to
form into teams we would be reorganized. I was to learn later in life that
we tend to meet any new situation by reorganizing, and a wonderful method it
can be for creating the illusion of progress, while producing confusion,
inefficiency and demoralization."
-Gaius Petronius, 1st Century AD
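
One way to express the bootstrap-key scheme from this message on the key server, as an added example that is not part of the original thread: it builds an `authorized_keys` entry that can only run one forced command and expires on its own, then audits a file against that policy. It assumes a current OpenSSH (the `restrict` option needs 7.2 or later, `expiry-time` 7.7 or later); the key blob, the script path and the sample file are constructed placeholders.

```python
import re
from datetime import date, datetime, timedelta

# Constructed sample values: key blob and script path are placeholders, not from the thread.
BOOTSTRAP_KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERONLY bootstrap@build"
FETCH_CMD = "/usr/local/sbin/send-real-keys"  # hypothetical script on the key server
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
OPTION = re.compile(r'([a-z-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|\s+)')

def bootstrap_entry(pubkey, issued, lifetime_days=30):
    """Entry that can only run FETCH_CMD and that sshd (7.7+, assumed) rejects after expiry."""
    expires = issued + timedelta(days=lifetime_days)
    return f'restrict,command="{FETCH_CMD}",expiry-time="{expires:%Y%m%d}" {pubkey}'

def parse_options(line):
    """Return {option: value} for the options that precede the key type."""
    opts, pos = {}, 0
    while not line.startswith(KEY_TYPES, pos):
        m = OPTION.match(line, pos)
        if m is None:
            raise ValueError(f"unparseable entry: {line!r}")
        opts[m.group(1)] = m.group(2)
        pos = m.end()
    return opts

def audit(lines, today, max_days=30):
    """Return {line number: [problems]} for key entries that break the bootstrap policy."""
    findings = {}
    for n, line in enumerate(lines, 1):
        opts = parse_options(line)
        problems = [f"missing {o}" for o in ("restrict", "command", "expiry-time") if o not in opts]
        if opts.get("expiry-time"):
            expires = datetime.strptime(opts["expiry-time"][:8], "%Y%m%d").date()
            if expires > today + timedelta(days=max_days):
                problems.append("expiry-time beyond rotation window")
        if problems:
            findings[n] = problems
    return findings

SAMPLE = [  # constructed authorized_keys entries
    bootstrap_entry(BOOTSTRAP_KEY, date(2005, 12, 12)),
    BOOTSTRAP_KEY,
    f'restrict,command="{FETCH_CMD}",expiry-time="20061231" {BOOTSTRAP_KEY}',
    f'command="{FETCH_CMD}",no-pty {BOOTSTRAP_KEY}',
]

if __name__ == "__main__":
    for n, problems in audit(SAMPLE, date(2005, 12, 12)).items():
        print(f"line {n}: {', '.join(problems)}")
```

Expired entries are not reported because sshd already refuses them, which matches the point above that old keys do not need to be deleted.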



