Run into a brain puzzler, hoping you guys can help me find a good solution.
I have a rather long list of ssh config file entries for a variety of different customer servers. Right now I keep my own .ssh/config checked into a git repo so I can easily synchronize it across systems, which works really really well for one maybe two people. I'm trying to figure out how best to be able to share out with employees the customer entries, but not share my other personal system entries. Right now when I make updates I'm hand-editing out a separate file for employees that they then copy into their personal config, but that's going to get rapidly unwieldy. Ideally I'd love an Include directive in .ssh/config so we can all just checkout a '.ssh/company_config' that lives alongside each users personal .ssh/config, or even have them separated by customer. Only it looks like someone submitted an almost-working patch for this in 2009 to a different few places that never got worked on or integrated, and I've seen feature requests going back 5+ years with no progress on that front. So I'm not holding my breath. In lieu of being able to do ssh includes, a few people with the same idea seem to be doing things with ssh proxies that contain the more advanced configs, or running scripts in their bash profile that cat a bunch of disparate files together into one .ssh/config. We could make the company-wide config a part of the global ssh conf for every system we use it on, until we get to stuff like my jumphost at home that I share with my family and need that data to be account/profile specific. There are some enterprise tools that I believe could help manage all this, and things I could probably do with pam/domain policy/config management servers, I'm just finding us sitting right in a gap between 'that's probably overkill right now from a time and money perspective, but in the meantime we also have too much manage by hand much longer'. Anyone run into this before and figured out a graceful, easily-maintainable way of doing this on a small/medium scale? I'm not looking to invest a huge amount of time in building out custom tools, but anything that has a reasonably low barrier to entry/deploy is good. The issue isn't so much getting the raw data out to user systems, git handles that just fine as would a number of other options, it's managing how ssh knows where to find and use said data when it comes from different sources that I'm beating my head on. Tanks! -- Jill --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss