Hi all,
I'm trying to automate setup of SSH keys during Jumpstart installations,
and I'd like some advice from anyone out there who's dealt with this
already.
I'm trying to make the farm of machines my users use as easy to use as
possible. My users really would rather not deal with keys, known_hosts,
etc. Right now they still prefer rsh, so I'm trying to set up something
that will replace it as invisibly as possible.
Unfortunately the machines in the farm get re-installed quite often.
After reading through the docs, I've decided that if I want to protect
the users from needing to answer 'yes' to adding a host to their personal
known_hosts (or worse, manually removing an old key from it first) then I
really need to keep an up to date system wide known_hosts file.
That brings me here. The two ideas I've had for this both seem to have
advantages and disadvantages, and both seem to have their own security
risks. So I'm curious if anyone thinks one of these is better than the
other, or if anyone has any other ideas.
Idea 1:
Pre-generate the host keys, or record the current ones from the hosts,
and have Jumpstart restore them during installation.
Other than some secure transfer mechanism that I haven't thought of yet,
this obviously has the issues of the JumpStart NFS directory being
shared 'ro,anon=0', and even files readable only by root can be read by
anyone, thereby destroying the secrecy of the private keys.
Idea 2:
Have the host generate a new key pair, and create some mechanism for it
to publish the public half to the system-wide known_hosts file.
This at least allows the private keys to be kept secret, but I'm not
sure how the 'publishing' mechanism can be secured in such a way that
new public keys can't be maliciously published by anyone.
As always this is a balancing act between ease of use for users and
security. My security requirements aren't super strict (anything is
better than what we have today), so my goal here
is to make it as secure as I can without making the users jump through
hoops.
Am I missing something? Any advice?
-Kyle
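An added example, not part of the original post and not Kyle's code, of the one piece of Idea 2 that can be handled on the collecting side regardless of how keys are transported: rebuilding the system-wide known_hosts from a directory of per-host public key files while refusing to silently replace a key that is already known. The layout is assumed (hypothetical, not from the post): `$keydir/<host>.pub` holds the host's public key in the `keytype base64 [comment]` form ssh-keygen writes, and `$keydir/<host>.reinstalled` is a marker the administrator or the Jumpstart finish script drops when a host was legitimately re-installed. A changed key without that marker is kept out of the generated file and reported, so a bogus "publication" for an existing host is flagged for review rather than trusted. The demo data at the bottom is constructed, including the fake key strings.

```shell
#!/bin/sh
# Added example (not from the original post). Rebuilds a system-wide
# ssh_known_hosts from per-host public key files and refuses to silently
# replace a host's already-known key unless that host carries an explicit
# "reinstalled" marker. Assumed (hypothetical) layout:
#   $keydir/<host>.pub          "keytype base64 [comment]" as ssh-keygen writes it
#   $keydir/<host>.reinstalled  marker dropped after a legitimate reinstall

# Print the key recorded for host $1 / key type $2 in known_hosts file $3.
# Returns 1 if there is no such entry. Lines are assumed to be "host keytype key".
lookup_key() {
    [ -f "$3" ] || return 1
    while read -r h t k _rest; do
        if [ "$h" = "$1" ] && [ "$t" = "$2" ]; then
            printf '%s\n' "$k"
            return 0
        fi
    done < "$3"
    return 1
}

# build_known_hosts KEYDIR CURRENT OUT
# Writes OUT from KEYDIR, comparing against the CURRENT known_hosts.
# Returns 1 if any host's key changed without a reinstall marker; for such a
# host the previously known key is kept so the change is reviewed, not trusted.
build_known_hosts() {
    keydir=$1; current=$2; out=$3
    rc=0
    : > "$out"
    for pub in "$keydir"/*.pub; do
        [ -f "$pub" ] || continue
        host=$(basename "$pub" .pub)
        read -r keytype keydata _comment < "$pub"
        if old=$(lookup_key "$host" "$keytype" "$current") && [ "$old" != "$keydata" ]; then
            if [ -f "$keydir/$host.reinstalled" ]; then
                echo "INFO: $host: key rotated after a marked reinstall" >&2
            else
                echo "ALERT: $host: key changed without a reinstall marker; keeping old key" >&2
                keydata=$old
                rc=1
            fi
        fi
        printf '%s %s %s\n' "$host" "$keytype" "$keydata" >> "$out"
    done
    return $rc
}

# Demo on constructed data in a temporary directory (the key strings are fake).
demo_dir=$(mktemp -d)
mkdir "$demo_dir/keys"
printf 'ssh-rsa AAAAFAKEKEYA1 hostA\n' > "$demo_dir/keys/hostA.pub"
printf 'ssh-rsa AAAAFAKEKEYB2 hostB\n' > "$demo_dir/keys/hostB.pub"
# Previously published keys: hostB's key is about to change.
printf 'hostA ssh-rsa AAAAFAKEKEYA1\nhostB ssh-rsa AAAAFAKEKEYB1\n' > "$demo_dir/current"
touch "$demo_dir/keys/hostB.reinstalled"   # hostB was legitimately re-installed
build_known_hosts "$demo_dir/keys" "$demo_dir/current" "$demo_dir/known_hosts" \
    && echo "rotation accepted:" && cat "$demo_dir/known_hosts"
rm -rf "$demo_dir"
```

The script only decides what to trust once the key files have arrived; getting them from the freshly installed host to the collector still needs an authenticated channel, which is the gap the post's Idea 2 leaves open. The marker file is one simple way to make "this host was really re-installed" an explicit administrative decision instead of something any submitter can assert.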