- <li><em>date</em>: Mon Dec 20 10:40:56 2004</li>
- <li><em>from</em>: pizza at shaftnet.org (Stuffed Crust)</li>
- <li><em>subject</em>: [ale] ssh for automated management</li>
And what happens when one of these systems is compromised? You've gotta
go change out all of the keys everywhere, and guess what, your whole
distribution mechanism is compromised. So much for doing it
automatically -- the compromised system will also get the new key.

Honestly, a system for key distribution is trivial. When every machine
is provisioned (presumably in a controlled environment by a trusted
person) its public key gets copied over to the central keyserver. If
a single machine gets it, its corresponding key gets nuked.

But if you don't care about unauthorized access to your update server,
no big deal, rsync over ssh still secures the transport stream.

...straight rsync isn't adequate for anything other than file copies
though. What happens if you need to, say, "run this script on all
systems" instead? That raises a whole new layer of angst.
- Pizza
--
Solomon Peachy ICQ: 1318344
Melbourne, FL JID: pitha at myjabber.net
Quidquid latine dictum sit, altum viditur
</pre>
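The per-machine key scheme described in the message above, as an added example (not code from the original post or its author): each provisioned machine's public key is enrolled once on the central update server, and a compromised machine is cut off by deleting only its own entry. The `AUTH_KEYS` path, the `managed:<host>` tag, the `/usr/bin/rrsync` location, the `/srv/updates` tree and the return codes are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: per-machine keys on the central update server.
# Assumed names: AUTH_KEYS path, "managed:<host>" tag, rrsync and tree paths.
AUTH_KEYS="${AUTH_KEYS:-./authorized_keys.example}"
# Every enrolled key may only run read-only rsync ("restrict": OpenSSH 7.2+).
OPTS='restrict,command="/usr/bin/rrsync -ro /srv/updates"'

valid_host() {
    # Hostname characters only, so a name cannot inject options or spaces.
    case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
}

has_field() {
    # True if any whitespace-separated field in the file equals $1.
    awk -v f="$1" '{ for (i = 1; i <= NF; i++) if ($i == f) hit = 1 }
                   END { exit !hit }' "$AUTH_KEYS" 2>/dev/null
}

enroll_host() {  # enroll_host <host> "<type> <base64> [comment]"
    host=$1; pub=$2
    valid_host "$host" || return 2
    # Keep only key type and blob; the client-supplied comment is discarded.
    type=${pub%% *}; rest=${pub#* }; blob=${rest%% *}
    case "$type" in ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*) ;; *) return 2 ;; esac
    case "$blob" in ''|*[!A-Za-z0-9+/=]*) return 2 ;; esac
    [ -f "$AUTH_KEYS" ] || ( umask 077; : > "$AUTH_KEYS" ) || return 4
    # One key per machine: refuse a duplicate host or a key reused elsewhere.
    has_field "managed:$host" && return 3
    has_field "$blob" && return 3
    printf '%s %s %s managed:%s\n' "$OPTS" "$type" "$blob" "$host" >> "$AUTH_KEYS"
}

revoke_host() {  # revoke_host <host>; drops only that machine's key
    host=$1
    valid_host "$host" || return 2
    has_field "managed:$host" || return 1
    tmp=$(mktemp "$AUTH_KEYS.XXXXXX") || return 4
    # Write the survivors to a temp file, then replace the original atomically.
    awk -v t="managed:$host" '$NF != t' "$AUTH_KEYS" > "$tmp" &&
        mv "$tmp" "$AUTH_KEYS"
}
```

Because every key is unique to one machine and carries a forced read-only command, revoking one host leaves the other entries untouched and a stolen key cannot be used for a shell on the update server.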
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
</body>
</html>