Re: [Kosmosfs-users] Problems to deploy
Status: Alpha
Brought to you by:
sriramsrao
Menu
▾
▴
Re: [Kosmosfs-users] Problems to deploy
|
From: Lamont G. <la...@sc...> - 2009-01-22 01:29:04
|
<rant> The leading thing that i immediately despised about KFS is the built-in configuration management via root-ssh-trust. That mechanism of doing configuration management won't survive any halfway decent security audit, and a major goal at my current work is to eliminate, minimize or deprecate going forwards all root ssh trust -- not to build new ssh trust. I've got cfengine installed on all my servers, i've got yum and custom yum repos installed on all my servers. I can very easily push out RPMs and configuration files and do things automatically. I don't really need or want another mechanism to do that, particularly one as annoying to use and maintain (apart from the security issues) as ssh trust is. Root-ssh-trust system adminstration is a 1995-era pratice that cannot survive in today's IT environment of SOX and PCI-DSS and ASP-driven contractual IT security auditing requirements of other companies (dealing with telco companies is particularly horrendous). And the CIS Level 1 Redhat documentation explictly specifies using "PermitRoot no" in /etc/ssh/sshd_config. And anyone playing with KFS should be using cfengine or puppet or bcfg2 or opsware or whatever and have yum or apt or some kind of configuration management / package management infrastructure. KFS shouldn't be trying to provide that. </rant> and sorry if that comes across a little overly forceful, my inbox today has been annoying me... http://en.wikipedia.org/wiki/Displacement_(psychology) On Wed, 21 Jan 2009, Tong-Hong Kuo wrote: > hi, > > You can create a ssh key to access machines via ssh without password prompt. > > > S. G. wrote: >> When I run: >> >> ~/Code/kfs/scripts$ python kfssetup.py -f machines.cfg -b ../build -w >> ../webui -s >> >> I get: >> >> cp: omitting directory `./scripts' >> tar: Removing leading `/' from member names >> a@127.0.0.1's password: >> a@127.0.0.1's password: >> > > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by: > SourcForge Community > SourceForge wants to tell your story. > http://p.sf.net/sfu/sf-spreadtheword > _______________________________________________ > Kosmosfs-users mailing list > Kos...@li... > https://lists.sourceforge.net/lists/listinfo/kosmosfs-users > |