Wiki

User Tools

Site Tools

Trace: backup_using_rsync troubleshooting
ssh:distribute_public_keys

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
ssh:distribute_public_keys [2016/12/05 15:34] peterssh:distribute_public_keys [2019/12/04 21:23] (current) – removed peter
Line 1: Line 1:
-====== SSH - Distribute public keys ====== 
- 
-For a bunch of networked servers, I'd rather recommend one of the two following approaches: 
- 
-  - Store SSH keys in LDAP (OpenSSH servers generally will require LPK patch set). 
-  - Provide CA signed certificates to your users and keep a certificate revocation list to centrally disable certain certificates. 
- 
-===== Using generic configuration management software ===== 
- 
-Any generic configuration management software like [[http://reductivelabs.com/products/puppet/|Puppet]], [[http://www.opscode.com/chef/|Chef]], [[http://trac.mcs.anl.gov/projects/bcfg2|Bcfg2]] or [[http://www.cfengine.org/|cfengine]] could accomplish the task. 
- 
-[[http://ansible.cc/docs/modules.html#authorized-key|Ansible]] is a very lightweight CM system that has a module to muck with authorized key files over ssh. 
- 
-[[http://code.google.com/p/ssh-keydb/|SSH KeyDB]] is meant to do exactly that, administrate roles, servers and users, distribute user keys, gather host keys etc.  It even has something called "locations". 
- 
- 
-===== Using cron ===== 
- 
-Since the **authorized_keys** file is not that complicated, you could also use **rsync** or a (D)SCM like **git** or **hg** to manage this file. 
- 
-You have the "master" file on one of your servers and serve it via rsync/git/hg/….  On every other server you run a cron job which periodically retrieves the master copy (if it was changed) and copies it to the correct local location.  This would even work with pure HTTP or FTP. 
- 
-Let the "clients" (the computers, which should have the current authorized_keys file) fetch it from your master server and deploy it locally. 
- 
- 
-===== Using a bash script ===== 
- 
-A very easy solution, that does the same with firewall-rules 
- 
-Example file hosts.conf: 
- 
-<file bash hosts.conf> 
-192.168.0.1 
-192.168.2.99 
-192.168.2.100 
-</file> 
- 
- 
-<file bash distribute.sh> 
-#!/bin/bash 
-for d in `cat ./hosts.conf`; do 
-  echo "copying to $d ..."; 
-  scp /root/.ssh./authorized_keys root@$d:/root/.ssh./authorized_keys 
-done; 
-</file> 
  
ssh/distribute_public_keys.1480952047.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki