Marc Haber <[email protected]> writes:
> On Mon, Jul 02, 2012 at 02:29:53PM -0700, Russ Allbery wrote:

>> Ah, okay. For that use case, the only thing that you would care about the
>> user home directory containing is the authorized_keys file, correct?

> known_hosts and the key itself.

Oh, right, for the client. Yes, yes.

Well, personally I would not consider either the client's key or the known_hosts file to be configuration files. Why not generate the client's key automatically with ssh-keygen on client package installation, and then let it discover the known_hosts configuration via some mechanism, leaving both of those in /var/lib? That would satisfy the requirement that the admin not have to touch things in /var/lib to make the package work, and would also simplify setup (since then building the authorized_keys file is just a matter of catting together the id_rsa.pub files).

You could of course still document the file locations so that admins *could* override things if they wanted, which I think is still within Policy.

-- 
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>
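The setup suggested in the message above, sketched as an added example that is not part of the original post or of any Debian package: a key generated once with ssh-keygen into a state directory, and authorized_keys assembled from collected id_rsa.pub files. The function names, directory arguments and the per-file check (which goes beyond a plain cat) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical.

# Generate the client key once, e.g. from a postinst script.
# An existing key is kept, so upgrades do not invalidate authorized_keys.
# $1 = state directory, such as a .ssh directory under /var/lib (placeholder)
ensure_client_key() {
    dir=$1
    if [ -s "$dir/id_rsa" ]; then
        return 0
    fi
    (
        umask 077    # private key and directory readable by owner only
        mkdir -p "$dir" &&
        ssh-keygen -q -t rsa -N '' -C 'auto-generated' -f "$dir/id_rsa"
    )
}

# Build authorized_keys from collected id_rsa.pub files.
# $1 = directory holding *.pub files, $2 = output file
# A file is used only if it is exactly one line that starts with a key
# type, so a collected file cannot add key options or extra keys.
build_authorized_keys() {
    src=$1
    out=$2
    pat='^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [^ ].*)?$'
    tmp=$(mktemp "$out.XXXXXX") || return 1
    chmod 600 "$tmp"
    for f in "$src"/*.pub; do
        [ -f "$f" ] || continue
        key=$(cat "$f")
        if [ $(printf '%s\n' "$key" | wc -l) -eq 1 ] &&
           printf '%s\n' "$key" | grep -Eq "$pat"; then
            printf '%s\n' "$key" >> "$tmp"
        else
            echo "skipping $f: not a single bare public key line" >&2
        fi
    done
    # Rename into place so readers never see a half-written file.
    mv "$tmp" "$out"
}
```
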

