[Infrastructures] Distributing private key information at install time

Wesley Craig wes@umich.edu
Mon, 2 Oct 2006 20:53:44 -0400


On 02 Oct 2006, at 12:07, Willemse, Menno wrote:
> This always gets me thinking: Is there a cryptographically sound  
> way to restore the key information to the client from a file on the  
> install server?

We give admins boot CDs which contain an individualized key which  
expires.  The admin can burn this CD with a short expiration many  
times, if they happen to be installing a large number of machines.   
Typically they carry a CD with a longer term key with them, for  
troubleshooting.  The key on the CD identifies the admin to the  
centralized server(s), so they are allowed to retrieve the ssh key  
files (among other things) that they're responsible for.  Downside
of the system is that CDs might be stolen.

:wes
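
The server-side check implied by the scheme above, as an added example that is not part of the original post or the site's actual system: a per-admin credential with an expiry is verified, checked against a revocation list (the mitigation for a stolen CD), and scoped to the hosts that admin is responsible for. The HMAC-signed token stands in for whatever key format was really used; all names and sample data are hypothetical.

```python
import hashlib
import hmac
import json
import time

SERVER_SECRET = b"constructed-demo-secret"  # assumption: known only to the key server
RESPONSIBLE = {"alice": {"web01", "web02"}, "bob": {"db01"}}  # constructed sample data
REVOKED = set()  # ids of credentials reported lost or stolen


def issue_credential(admin, cred_id, lifetime_s, now=None):
    """Create the blob that would be burned onto the admin's boot CD."""
    now = time.time() if now is None else now
    body = json.dumps({"admin": admin, "id": cred_id, "exp": now + lifetime_s},
                      sort_keys=True).encode()
    tag = hmac.new(SERVER_SECRET, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + tag


def authorize(credential, host, now=None):
    """Return (allowed, reason) for a request to fetch host's ssh key files."""
    now = time.time() if now is None else now
    try:
        body_hex, tag = credential.split(".")
        body = bytes.fromhex(body_hex)
    except ValueError:
        return False, "malformed"
    expected = hmac.new(SERVER_SECRET, body, hashlib.sha256).hexdigest()
    # Constant-time comparison; claims are parsed only after the tag verifies.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False, "bad signature"
    claims = json.loads(body)
    if claims["id"] in REVOKED:
        return False, "revoked"
    if now >= claims["exp"]:
        return False, "expired"
    if host not in RESPONSIBLE.get(claims["admin"], set()):
        return False, "not responsible for host"
    return True, "ok"
```

A short lifetime bounds how long a stolen CD is useful; the revocation set covers the longer-term troubleshooting CDs.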