[talk] ssh host keys
njt at ayvali.org
Fri Mar 22 22:26:48 EDT 2019
* Jesse Callaway <bonsaime at gmail.com> [2019-03-22 15:30:37-0700]:
> I have a hard time getting this right while also doing batch
> operations over ssh to a bunch of hosts. Aside from host keys in LDAP
> or secure DNS how do others ssh to hosts that rotate through IP
> addresses frequently?
If your config management tool supports it, then it is recommended that
you use its ability to run ad-hoc commands on whatever subset of hosts
that you want:
An example of this is Ansible and its -a feature or shell module:
ansible -m shell webhosts -a "sudo service apache24 restart"
If your config management tool does not support it (some cfg mgmt tools
have a philosophy of not supporting ad-hoc commands, a sentiment I
disagree with, but whatever), or you are not running a config management
tool, a good alternative is parallel-ssh:
pssh and its family suite of tools (pscp, prsync, pnuke, and pslurp)
require some minor setup, eg.: if you are using pssh over some large
number of hosts, you may want to use ssh-keyscan or something similar to
grab hostkeys, and then possibly setup sudoers to run without tty, etc.,
but once you get the hang of it, it works nicely enough.
More information about the talk