On Jan 26, 1:42 pm, Christopher Wood <christopher_w...@pobox.com> wrote:
> On Thu, Jan 26, 2012 at 06:32:49PM +0000, Dan White wrote:
> > I am relatively new to both Puppet and ssh-keys,
> > but is it possible for the PuppetMaster to generate all the keys rather
> > than each client creating their own?
>
> This might be one of the places where erb (templates) being evaluated on the
> puppetmaster will help. I'm just speculating, but there's no technological
> reason why the puppetmaster shouldn't use erb/ruby to fork ssh-keygen and
> store the result in some local directory. The puppet template can either
> create a private key, or copy in the results of a previous ssh-keygen run.
>
> I don't see technical obstacles, only security obstacles. You may not want
> all your ssh private keys stored in one place, for instance.
>

Agreed. My first thought is to be sure a backup of the private keys is kept current and separate - and possibly in multiple locations. Any other security considerations one should consider?

In my current workplace, ssh keys are used for remote machine logins and the individual user is responsible for maintaining their own private key. I am not completely happy with this arrangement, and I am looking for information to use to make some intelligent suggestions for change.