[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ale] Command name
- Subject: [ale] Command name
- From: nym.bnm at gmail.com (Brian MacLeod)
- Date: Tue, 11 Oct 2011 11:51:31 -0400
- In-reply-to: <007201cc87c5$34115540$9c33ffc0$@com>
- References: <CAEo=5PwZur_oXD3--1HevZnZxnuqcZb0P2YwD5XFOX_80DMUOA@mail.gmail.com> <CABGzhdsDss5jwpvwS+HuKSAHY608EpoBnAbp8nBtB-ug7KewnA@mail.gmail.com> <CAAUyTtjR3TqtPA0hTdgx9_-j1CDN=YzihGoi6URFpLc8ahWHYw@mail.gmail.com> <CAEo=5PyFvDGffpgq+SbYY70EvnApmuqzzAUE8E=8bxkWi7pmhg@mail.gmail.com> <[email protected]> <007201cc87c5$34115540$9c33ffc0$@com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 10/10/11 11:23 PM, Robert Heaven wrote:
> The really hard part of using ssh keys is not the initial
> distribution of the keys, it's the long term maintenance problems.
> To solve both issues, one simple way is:
>
<snip>
>
>
> I'm still thinking through the issue of changing the key, in case
> it ever gets lost or compromised.
Using a centralized configuration engine (cfengine, puppet, and the
like) makes this a lot easier (initial and subsequent distributions).
Also require a completely different key set or other options to the
primary management server in case of compromise.
Brain
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
iQE4BAEBCAAiBQJOlGYDGxhoa3A6Ly9rZXlzZXJ2ZXIudWJ1bnR1LmNvbQAKCRD5
XCJY/q4Y6KDTB/9sT9I3MYTY8JbyOolnLl+nmucNpVUsFHPuSVwb531sOXWNQT6t
V12pj3yDo2Zdn1IHnV7CALLjepHxLAXD4akw+UakVnl4vf2yrQme0Be7moDV0Wbx
t3j1UIkTgIm1OTKQCInz3bqq/ouGewL5/SEd23h0BnqKUH5pLenkNCQ3d8w7DzXU
0U7FXBfDfAl6gC5e5jRdGYpu1yYHboHOSW3KNs6Put3rGhFWwA+MPQSoWY2bcURr
cXrvmFTi4I8wd/m+CFtl+WiLfPeI/Kg2uGQQMMQd11CmkkQoqPDZE0dh+nhoJkx8
ZioE6ghtLk6uK4Rj4V4WyhlyR7EgfsMYWkal
=5852
-----END PGP SIGNATURE-----