We have a trusted root host from which we can ssh as root (via sudo) without 
the remote host's root password to any host that has the trusted host's root 
key. (Obviously the trusted root host is tightly secured.) I want Cfengine to 
ensure that the appropriate systems have that trusted host's root ssh key in 
their ~root/.ssh/authorized_keys files. 

Otherwise, when you build a server (for example), to get the trusted ssh 
working, you have to ssh from the trusted host to the new system and answer yes 
when prompted to save the key. We're trying to eliminate that step.

Justin

-----Original Message-----
From: nwat...@symcor.com [mailto:nwat...@symcor.com] 
Sent: Monday, March 01, 2010 11:54 AM
To: Justin Lloyd
Cc: Help-cfengine; help-cfengine-boun...@cfengine.org
Subject: RE: Editing known_hosts files

I'm still not sure why you might want to do this.  Ssh already gives out 
public keys upon request.  Why distribute them using CF?  Are you looking 
to control incidents when the public key changes?

Sincerely,
--
Neil Watson
416-673-3465

_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
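
The state described in the first message, the trusted host's root public key present in ~root/.ssh/authorized_keys, sketched as an idempotent shell function. This is an added example, not code from the thread and not CFEngine policy; the function name, the CHANGED variable and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample key for the demo; not a real key.
DEMO_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedDemoKeyNotReal0000000000000000 root@trusted-host'

# ensure_authorized_key FILE 'TYPE BLOB [COMMENT]'  (hypothetical helper)
# Appends the key only if absent; sets CHANGED=1 when the file was modified.
ensure_authorized_key() {
    file=$1 pubkey=$2 CHANGED=0
    dir=$(dirname "$file")

    # Accept exactly one line: nothing else gets written to root's key file.
    case $pubkey in *"
"*) echo "refusing multi-line key" >&2; return 2 ;; esac

    keytype=$(printf '%s\n' "$pubkey" | awk '{ print $1 }')
    blob=$(printf '%s\n' "$pubkey" | awk '{ print $2 }')
    case $keytype in
        ssh-*|ecdsa-sha2-*|sk-*) ;;
        *) echo "unrecognised key type: $keytype" >&2; return 2 ;;
    esac
    [ -n "$blob" ] || { echo "missing key blob" >&2; return 2; }

    # sshd's default StrictModes rejects group/world-writable paths.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$file" ] || ( umask 077; : > "$file" ) || return 1
    chmod 600 "$file" || return 1

    # Match on type + blob so an options prefix or changed comment is not a miss.
    if awk -v t="$keytype" -v b="$blob" '
        /^[ \t]*#/ { next }
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
        END { exit !found }' "$file"
    then
        return 0
    fi

    # Do not glue the key onto an unterminated last line.
    if [ -s "$file" ] && [ -n "$(tail -c 1 "$file")" ]; then
        echo >> "$file" || return 1
    fi
    printf '%s\n' "$pubkey" >> "$file" && CHANGED=1
}
```

Run as root on the target it would be called as `ensure_authorized_key ~root/.ssh/authorized_keys "$key"`; a configuration tool can use CHANGED to report whether a repair was made.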
