- From: Nico Kadel-Garcia
- Subject: [chef] Re: private keys
- Date: Fri, 4 Sep 2015 09:13:19 -0500
If it's root keys you need to manage, and the SSH server can reach the
nominal SSH client, it can be reasonable to use ssh-keyscan to obtain the
public hostkeys and use the private hostkeys on the client end. There are
security ramifications of this, but it's very quick and easy to update.

Alternatively, the rsnapshot tries to do what you ask, but suffers the same
problem as the current 'users' cookbook. It leaves plaintext of SSH private
keys on the chef server, where *any* client can read them.

Nico Kadel-Garcia
Sent from iPhone

On Sep 2, 2015, at 11:46, "K. Adam Wolfe" wrote:

> Hello, all.
>
> What is the opscode-recommended method for managing ssh keys - private
> keys in particular?
>
> My aim is to create the rsa keypairs on source nodes, then have the pub
> key added to another user's authorized_keys on destination nodes;
> preferably in databags / encrypted. Ideally having unique keypairs for
> each source node.
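
Added example, not part of the original thread and not code from any cookbook mentioned in it: a plain-Ruby sketch of the layout asked about, where each source node creates its own RSA keypair locally and only the one-line public key is published for destination nodes to place in authorized_keys. The node names, the `backup@` comment and all helper names are assumptions made for illustration; how the public line reaches the Chef server (node attribute or data bag) is left out.

```ruby
require 'openssl'

# SSH wire "string": 4-byte big-endian length followed by the bytes.
def ssh_string(bytes)
  [bytes.bytesize].pack('N') + bytes
end

# SSH mpint: big-endian bytes, with a leading zero byte when the high
# bit is set so the number is not read as negative.
def ssh_mpint(bn)
  bytes = bn.to_s(2).b
  bytes = "\x00".b + bytes if (bytes.getbyte(0) & 0x80) != 0
  ssh_string(bytes)
end

# One-line OpenSSH public key ("ssh-rsa AAAA... comment") for an RSA key.
def openssh_public_line(rsa, comment)
  blob = ssh_string('ssh-rsa') + ssh_mpint(rsa.e) + ssh_mpint(rsa.n)
  "ssh-rsa #{[blob].pack('m0')} #{comment}"
end

# Guard for anything about to be published: a single ssh-rsa public line only.
def publishable?(text)
  return false if text.include?('PRIVATE KEY') || text.include?("\n")
  type, b64, = text.split(' ', 3)
  return false unless type == 'ssh-rsa' && b64
  b64.unpack1('m0').start_with?(ssh_string('ssh-rsa'))
rescue ArgumentError # strict base64 decoding failed
  false
end

# Destination side: render authorized_keys from the published lines,
# one entry per source node, dropping anything that fails the guard.
def authorized_keys(published)
  published.values.select { |l| publishable?(l) }.sort.join("\n") + "\n"
end

# Constructed demo: two source nodes plus one entry that must be rejected.
def demo
  published = {}
  %w[src1.example.test src2.example.test].each do |node|
    key = OpenSSL::PKey::RSA.new(2048) # private half stays on the node
    published[node] = openssh_public_line(key, "backup@#{node}")
  end
  published['bad.example.test'] = "-----BEGIN OPENSSH PRIVATE KEY-----\n(constructed)\n"
  authorized_keys(published)
end

puts demo if __FILE__ == $PROGRAM_NAME
```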
- [chef] private keys, K. Adam Wolfe, 09/02/2015
- [chef] Re: private keys, Nico Kadel-Garcia, 09/04/2015