Something needs to be worked out to manage ssh keys.
When a new key is added, or a key is changed (i.e. a
server is re-named, or re-built), then the key should
be added to a central repository, so the clients do not
get ssh key warnings.
It should be pretty simple to collect and maintain
the keys; a quick method to distribute those keys needs
to be worked out. This is an issue when cnames are
used to reference servers in a generic way (i.e.
print.cisco.com, ceps-dist[123].cisco.com, etc.). A
user should not be given a ssh warning if they are
accessing print.cisco.com, and this cname is moved to
another print server.
Of course this could introduce security concerns if
someone were to hijack one of the cnames used (i.e. Mr.
Hacker takes over the name print.cisco.com), so
whatever is done should do some checking to ensure that
if a key is updated in the repository, the update
request came from an authorized source.
This, along with ppd distribution, may be well suited for
something like a Coda file system, or some other cached
network file system. Then a change can be added on a
central server, and it's instantly available everywhere
when requested. (see RFE# 872682)
Ticket moved from /p/ceps/feature-requests/64/
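
One way to meet both requirements above (a cname that can move without client warnings, and repository updates accepted only from an authorized source), as an added sketch that is not part of the original ticket or the project's code. The updater names, shared secrets, `print-srv*` host names and key strings are constructed assumptions, and an HMAC over each request stands in for whatever authentication the repository would really use.

```python
import hashlib
import hmac

# Constructed demo data: updater names, secrets and key strings are placeholders.
UPDATER_SECRETS = {"print-admins": b"demo-secret-1", "ceps-admins": b"demo-secret-2"}
# Which updater may change which repository name (real host or cname).
NAME_OWNERS = {n: "print-admins" for n in
               ("print.cisco.com", "print-srv1.cisco.com", "print-srv2.cisco.com")}


def sign(updater, secret, name, value):
    """MAC over the whole request so updater, name and value cannot be swapped."""
    msg = "\n".join((updater, name, value)).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def apply_update(repo, updater, name, value, mac):
    """Store value (a host key, or a cname target) only for an authorized request."""
    secret = UPDATER_SECRETS.get(updater)
    if secret is None or NAME_OWNERS.get(name) != updater:
        return False  # unknown updater, or not the owner of this name
    if "\n" in updater + name + value:
        return False  # keep the MAC input unambiguous
    if not hmac.compare_digest(sign(updater, secret, name, value), mac):
        return False  # request was not produced with the owner's secret
    repo[name] = value
    return True


def render_known_hosts(keys, cnames):
    """One known_hosts line per server; cnames pointing at it share its key."""
    lines = []
    for host in sorted(keys):
        names = [host] + sorted(c for c, target in cnames.items() if target == host)
        lines.append(",".join(names) + " " + keys[host])
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    keys, cnames, who = {}, {}, "print-admins"
    secret = UPDATER_SECRETS[who]
    for host, key in (("print-srv1.cisco.com", "ssh-ed25519 CONSTRUCTED-KEY-1"),
                      ("print-srv2.cisco.com", "ssh-ed25519 CONSTRUCTED-KEY-2")):
        apply_update(keys, who, host, key, sign(who, secret, host, key))
    # The cname moves from srv1 to srv2; clients simply pick up the new file.
    for target in ("print-srv1.cisco.com", "print-srv2.cisco.com"):
        apply_update(cnames, who, "print.cisco.com", target,
                     sign(who, secret, "print.cisco.com", target))
    print(render_known_hosts(keys, cnames))
```

The rendered file is what clients would read as their system-wide known_hosts; a hijacker who re-points the cname in DNS still cannot get a matching key into the repository without the owner's secret.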