On 26/02/2011 08:46, Luis Esteves wrote:
>
> Yes, relay_domains, sender_access, ... and more.
>
> Maybe the easier solution is to use the ssh/keys, but is it not dangerous to
> store private keys on a DMZ?
>
Use a trusted host in a trusted place to push the configuration to all your servers. This is typically done from a management zone connected using a management network.

So on the trusted host, you can have an ssh agent so that you don't need to type your passphrase too often, but still lock the key when you don't need it.

As for communicating with the servers, you have many options:

- you can use sql, possibly with replication
- you can use rsync over ssh to copy/sync files to the servers
- if you need to run commands from time to time, use cron with a local script. This script could check for changes and run custom commands.
- if you need to run specific commands "now": you can use ssh with a forced command to restrict the damage should the key be compromised/stolen.
- another way to restrict the list of commands is sudo
- ... etc

> [snip]
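The forced-command option mentioned in the reply above, as an added example that is not part of the original message: a wrapper that sshd runs in place of whatever the client requested, mapping a short allow-list of request names to fixed commands. The wrapper path, the request names, the key placeholder and the `/etc/postfix/...` table paths are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread. On each DMZ server, bind the
# management key to this wrapper in ~/.ssh/authorized_keys (hypothetical path
# and placeholder key):
#   command="/usr/local/sbin/mta-push-wrapper serve",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 <PUBLIC-KEY-PLACEHOLDER> mgmt
# sshd then ignores the client's command line, runs the wrapper, and exposes
# what the client asked for in SSH_ORIGINAL_COMMAND.

# Map a request name to a fixed command line. Matching is on the whole string,
# so nothing supplied by the client is ever executed or interpolated.
# Unknown requests print nothing and return 1.
resolve_request() {
    case "$1" in
        rebuild-sender-access) echo "postmap /etc/postfix/sender_access" ;;  # assumed path
        rebuild-relay-domains) echo "postmap /etc/postfix/relay_domains" ;;  # assumed path
        reload)                echo "postfix reload" ;;
        *)                     return 1 ;;
    esac
}

# Run an allowed request, or log and refuse anything else.
handle_request() {
    if cmd=$(resolve_request "$1"); then
        logger -t mta-push-wrapper "allowed: $1"
        # Unquoted on purpose: split the fixed, trusted string into argv.
        exec $cmd
    else
        logger -t mta-push-wrapper "denied: $1"
        echo "request not permitted" >&2
        return 1
    fi
}

# Only act when started by sshd through the authorized_keys line above.
if [ "${1:-}" = "serve" ]; then
    handle_request "${SSH_ORIGINAL_COMMAND:-}"
    exit $?
fi
```

From the trusted host, `ssh user@dmz-server reload` (hypothetical names) triggers `postfix reload`; any other string, including an attempt to open a shell, is refused and logged.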
