General discussion about Chef

[chef] Re: Re: Re: Re: Re: Re: Re: `knife ssh` to multiple servers with passphrase on key


Chronological Thread 
  • From: Pete Cheslock < >
  • To: " " < >
  • Cc: " " < >
  • Subject: [chef] Re: Re: Re: Re: Re: Re: Re: `knife ssh` to multiple servers with passphrase on key
  • Date: Fri, 22 Feb 2013 17:15:04 -0400
Considering the command used below was sshing into machines as root, I think any talk of security being important goes out the window IMHO.  



On Feb 22, 2013, at 4:52 PM, Dan Razzell < "> > wrote:

Workstations are often the weakest link in the security chain.

Considering that you're now using that workstation to remotely administer multiple critical servers, it had better be the strongest link.

On 13-02-22 12:21 PM, Andrea Campi wrote:
" type="cite">
I don't understand. Are you worried that someone is going to hack your workstation, escalate privileges to root and retrieve you SSH keys off of ssh-agent's memory?

Then, sir, you are way more paranoid than I am; and I'm pretty paranoid. Respect :)


On Fri, Feb 22, 2013 at 9:13 PM, Dane Elwell < " target="_blank"> > wrote:
Thanks for the advice guys.

Just in case anyone wants to know how I did it, this worked for me:

    ssh-agent sh -c "ssh-add && knife ssh -p2020 -x root 'name:*' 'ls -a'"

I'll have a look at Keychain as that may be useful, however security
is important so I doubt we would want to keep the key available longer
than necessary!

Dane


Archive powered by MHonArc 2.6.16.

§