I was wondering if there are any secure methods of centrally managing the versions of certain files on Debian machines. I currently have a woody, two sids and several potatos which need to be kept up to date. The security patches are not much of a concern since they are quite infrequent (except for woody and sid, where I do not discriminate between security, bug and other fixes), but certain configuration files change often, like the files /etc/ssh/ssh_known_hosts*. Every time a new host is added to the network, I need to add its host key to the others' known_hosts and copy all the default configuration files to the new host as well. There are quite a few of these that are easily forgotten. Forgetting to copy some files like /etc/printcap is soon noticed and fixed, no harm done, but files like /etc/pam.d/* are not. And that results in decreased security!

I am now considering different possibilities of doing these updates by simply saying "update-debian-machines" on one of the computers. It would require some shell scripts and, by asking for the relevant passwords, it would keep me waiting at my console. I do circumvent the login passwords with ssh/DSA auth, but resenting root logins over the net, I would still need to type sudo's passwords.

Now, is there a package to do this, or one which could be easily converted to do this? Otherwise I will fall back to scripting. In that case, which is the safest option? Currently I am considering configuring sudo to enable the admin user to execute a single script (mode 0700) without a password, or just chmod that script 4700. I am not certain about the first, but the latter would be as secure as my connection (ssh2) and my real password. The real password being broken would mean unlimited access to sudo (it is the admin, after all), so I am not worried by that part. Also, the ssh connection part worries me a little: I would basically be giving root access to all our machines to anyone who can steal/spoof/abuse my ssh private key.

I can think of three scenarios to compromise the network:

1. To break into my admin console, so as to get my DSA private key (mode 0600) and break its passphrase.

2. To break into my admin machine (getting on any machine would not do - the DSA key only exists on one, so the cracker would need to break into my admin console) and steal my DSA key while it is being used. Ssh-agent keeps the key (or does it keep the passphrase? in this case it does not matter) in memory, so this should be possible at least for root on a machine with /dev/mem.

3. Break into one of the other machines, use the suided script to trojan the system and propagate to the other machines that way.

The last one might prove difficult: the admin user on non-admin-console machines does not have any DSA keys used for password-less authentication - so this basically means breaking into a single machine, which I am not concerned with here. Breaking into a single machine should be about equally difficult for all machines, since I doubt my little scheme would be the weakest link in security. The only problem I can see is in 1. and 2. - could the DSA key be abused to automatically root all the machines? Ideas?
--
-----------------------------------------------
| Juha Jäykkä, [EMAIL PROTECTED]              |
| home: http://www.utu.fi/~juolja/            |
-----------------------------------------------
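
Added example, not part of the original post: a pre-flight check for the "single script via password-less sudo" option the post considers, verifying that the script and its directory cannot be altered by anyone but the owner before the sudoers rule is relied on. The user name `admin`, the path `/usr/local/sbin/update-debian-machines` and the use of GNU `stat` are assumptions.

```shell
#!/bin/sh
# Assumed sudoers rule this check supports (user name and path are hypothetical):
#   admin ALL = (root) NOPASSWD: /usr/local/sbin/update-debian-machines

# check_sudo_script PATH [OWNER_UID]
# Returns 0 if PATH is safe to whitelist, else prints the reason and returns 1.
check_sudo_script() {
    script=$1
    want_uid=${2:-0}        # root unless told otherwise (allows an unprivileged dry run)

    # A symlink could later be repointed at a different program.
    if [ -L "$script" ] || [ ! -f "$script" ]; then
        echo "$script: not a regular file"; return 1
    fi

    # GNU stat: %u = owner uid, %a = octal permission bits
    uid=$(stat -c %u "$script") || return 1
    mode=$(stat -c %a "$script") || return 1
    if [ "$uid" != "$want_uid" ]; then
        echo "$script: owner uid $uid, expected $want_uid"; return 1
    fi
    # Exactly 0700, the mode named in the post. 4700 fails as well: sudo supplies
    # the privilege, and Linux ignores the setuid bit on interpreter scripts.
    if [ "$mode" != "700" ]; then
        echo "$script: mode $mode, expected 700"; return 1
    fi

    # Whoever can write to the directory can swap the script for another file.
    dir=$(dirname "$script")
    duid=$(stat -c %u "$dir") || return 1
    dmode=$(stat -c %a "$dir") || return 1
    if [ "$duid" != "$want_uid" ] || [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "$dir: owner uid $duid, mode $dmode; must be owned by uid $want_uid and not group/world-writable"
        return 1
    fi
    return 0
}

# Run the check when a path is given on the command line.
[ "$#" -eq 0 ] || check_sudo_script "$@"
```

Only the script's immediate parent directory is checked; directories further up the path need the same ownership and write restrictions.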