On 31.08.2012 14:32, Sandra Schlichting wrote:
There's an sshauth module at http://projects.reductivelabs.com/projects/puppet/wiki/Module_Ssh_Auth_Patterns <http://projects.reductivelabs.com/projects/puppet/wiki/Module_Ssh_Auth_Patterns>that I've used successfully on a 2.7.x puppetmaster. It handles public & private key generation and exchange, but doesn't handle known_hosts. It doesn't require a DB backend though; the keys are stored on the puppetmaster and just pushed out to nodes that need them. That sounds exactly what I need =) About known_hosts. So that just means I have to login the first time myself, and answer "yes" to the fingerprint?
Err, no. In a well-maintained environment, it should never be necessary to manually approve a host key.
Usually you should always distribute all host keys to all clients with one of the common @@ssh_key Export/Collect patterns. That is totally unrelated to authentication though.
Regards, D -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
