[ale] Command name

Robert Heaven roberth1954 at aim.com
Mon Oct 10 23:23:52 EDT 2011


The really hard part of using ssh keys is not the initial distribution of
the keys; it's the long-term maintenance problems. To solve both issues, one
simple way is:

1. Create a common (unprivileged) User ID on all machines.
2. Select one server as the primary host and create the keys for the common
User. (ssh-keygen)
3. Copy the public key (id_dsa.pub, id_rsa.pub) to a public
repository/directory that can be exported with nfs.
4. Write a boot script, on all hosts, that will do a temporary NFS mount to
the common repository host and pull (cp) the public key into the common
User's $HOME/.ssh/ directory (naming it authorized_keys). (Make sure your
boot script sets the ownership/privileges correctly.)
5. Then, from the primary server, you can push (scp) the private key to
those selected hosts that need to initiate ssh connections.

I'm still thinking through the issue of changing the key, in case it ever
gets lost or compromised.


On 10/10/2011 04:55 PM, Jim Kinney wrote:
> Wanting to use a script to install ssh keys to a bazillion machines. :-)
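
Added example, not part of the original post or thread: a sketch of the key-install part of the boot script from step 4, with the ownership/permission handling the step asks for. It assumes the NFS repository is already mounted; the function name, its arguments and the paths passed to it are hypothetical.

```shell
#!/bin/sh
# Added example: install a public key pulled from the mounted repository
# as the common user's authorized_keys. Names and paths are hypothetical.

# install_authorized_key SRC_PUBKEY HOME_DIR [OWNER]
# Returns 0 on success, 1 if the source is not exactly one public key line.
install_authorized_key() {
    src=$1 home=$2 owner=${3:-}
    [ -f "$src" ] && [ ! -L "$src" ] || return 1   # regular file, not a symlink

    # Refuse private key material that ended up in the public repository.
    if grep -q 'PRIVATE KEY' "$src"; then return 1; fi

    # Require exactly one non-empty line with a known key type and base64 body.
    # ssh-dss is listed because the post mentions id_dsa.pub; current OpenSSH
    # releases disable DSA keys by default.
    nlines=$(grep -c . "$src") || return 1
    [ "$nlines" -eq 1 ] || return 1
    grep -Eq '^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' \
        "$src" || return 1

    sshdir=$home/.ssh
    mkdir -p "$sshdir" || return 1
    chmod 700 "$sshdir" || return 1

    # Write a temp file in the same directory, then rename it into place, so
    # sshd never reads a half-written authorized_keys.
    tmp=$(mktemp "$sshdir/authorized_keys.XXXXXX") || return 1
    cat "$src" > "$tmp" && chmod 600 "$tmp" || { rm -f "$tmp"; return 1; }

    # Ownership can only be changed when running as root (as a boot script does).
    if [ -n "$owner" ] && [ "$(id -u)" -eq 0 ]; then
        chown "$owner" "$sshdir" "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    mv -f "$tmp" "$sshdir/authorized_keys"
}
```

Because the file is replaced on every run, a key changed in the repository reaches each host at its next boot.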


