On Thu, 2005-04-21 at 18:36 +0200, Alexander Jolk wrote: > Hi, > > I'm copying my SSH host keys from all client machines to the server, in > order to generate a global known_hosts file on the server and > redistribute it to everybody. This worked quite nicely so far, but now > I'm running into heavy scaling problems---there's almost always one > machine blocking the server, which means the server has many cfagent > processes running, and connections get refused. > > Does anybody have an idea how to better organize things? I had already > used `ifelapsed=1440' in order to try to contact every client machine > only once a day, but cfengine would establish the connection anyway.
You might instead use the 'ssh-keyscan' program that comes with OpenSSH to collect the keys. I keep a file with a list of hosts and their aliases and re-run the keyscan whenever I add new hosts; I then distribute the output (which is in ssh_known_hosts format) directly from my cfengine server. It would get more tricky if I had hosts that weren't directly accessible (actually I do, but I haven't bothered too much with them). Wil -- Wil Cooley [EMAIL PROTECTED] Naked Ape Consulting http://nakedape.cc * * * * Linux, UNIX, Networking and Security Solutions * * * *
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Help-cfengine mailing list Help-cfengine@gnu.org http://lists.gnu.org/mailman/listinfo/help-cfengine
