[Infrastructures] Distributing private key information at install time
Brendan Strejcek
brendan@cs.uchicago.edu
Fri, 6 Oct 2006 10:40:36 -0400
On 10/4/06, Willemse, Menno <Menno.Willemse@johnguest.co.uk> wrote:
> The prevailing wisdom seems to be that you use a boot CD with
> a temporary key to do the re-install
This seems unnecessarily manual to me. I don't think it would scale
very well. How many machines are you managing?
> or that you somehow keep the old keys on the system where they
> won't be erased by the reinstall.
> ...
> centralising the known_hosts file. That may be another way around
> this problem: after a reinstall, scan the box's host key and have all
> other machines pull down the file on a regular basis.
Are you using any sort of centralized configuration management system?
How do you propagate configuration changes to live machines?
An ssh key pair is really no different from any other bit of
configuration data, and is easy to centralize. Without more
information about your particular infrastructure though, it is hard to
offer more concrete suggestions.
Best,
Brendan
--
http://praksys.blogspot.com
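The scan-and-distribute scheme quoted in the thread (rescan a reinstalled host's key, rebuild a central known_hosts, let every machine pull it), as an added example that is not code from the original thread or from either poster. It assumes a keyscan-style input (the `host keytype base64-key` lines that `ssh-keyscan` prints), hypothetical hostnames under `example.test`, constructed keys that are not real, and a fingerprint for each host recorded out of band, for instance at install time; the `PINNED` table is derived from the constructed keys here only so the example is self-consistent.

```python
"""Build a central known_hosts from ssh-keyscan style output, accepting a key
only when it matches a fingerprint recorded out of band (e.g. at install time).

Added example for the thread above; not the original posters' code.
All hostnames, keys and fingerprints below are constructed, not real."""
import base64
import hashlib

# Constructed keys: the real ed25519 wire prefix followed by filler that is
# valid base64 but carries no real key material.
_PREFIX = "AAAAC3NzaC1lZDI1NTE5AAAAI"
OLD_WEB01_KEY = _PREFIX + "OLDWEB01" * 5 + "OLD"   # key before web01 was reinstalled
NEW_WEB01_KEY = _PREFIX + "NEWWEB01" * 5 + "NEW"   # key generated by the reinstall
OLD_DB01_KEY = _PREFIX + "OLDDB001" * 5 + "OLD"    # db01 was never reinstalled
ROGUE_DB01_KEY = _PREFIX + "ROGUEDB1" * 5 + "ROG"  # something else answers as db01
MAIL01_KEY = _PREFIX + "MAIL01KY" * 5 + "MAI"      # host nobody recorded a pin for

# Constructed known_hosts as it stood before the reinstall.
OLD_KNOWN_HOSTS = f"""\
web01.example.test ssh-ed25519 {OLD_WEB01_KEY}
db01.example.test ssh-ed25519 {OLD_DB01_KEY}
"""

# Constructed output of a rescan after the reinstall, in ssh-keyscan's format.
NEW_SCAN = f"""\
# web01.example.test:22 SSH-2.0-OpenSSH
web01.example.test ssh-ed25519 {NEW_WEB01_KEY}
# db01.example.test:22 SSH-2.0-OpenSSH
db01.example.test ssh-ed25519 {ROGUE_DB01_KEY}
mail01.example.test ssh-ed25519 {MAIL01_KEY}
"""


def parse_keyscan(text):
    """Parse keyscan-style lines into {(host, keytype): base64_key}.
    Comment lines ('#', as ssh-keyscan emits) and blank lines are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        host, keytype, key = parts[0], parts[1], parts[2]
        entries[(host, keytype)] = key
    return entries


def fingerprint(key_b64):
    """SHA256 fingerprint in the form OpenSSH prints: 'SHA256:' + unpadded base64."""
    raw = base64.b64decode(key_b64 + "=" * (-len(key_b64) % 4))
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# In practice these values come from the install process (the machine is
# handled once, so its fingerprint can be recorded then). Here they are
# derived from the constructed keys so the example checks itself.
PINNED = {
    "web01.example.test": fingerprint(NEW_WEB01_KEY),
    "db01.example.test": fingerprint(OLD_DB01_KEY),
}


def merge_known_hosts(existing, scanned, pinned):
    """Merge scanned keys into the existing entries.

    A rescanned key whose fingerprint disagrees with the pinned one is rejected
    and the old entry kept. A host with no pinned fingerprint is also rejected:
    accepting it would just be trust-on-first-use under another name.
    Returns (merged, rejected); rejected holds (host, keytype, reason) tuples."""
    merged = dict(existing)
    rejected = []
    for (host, keytype), key in scanned.items():
        expected = pinned.get(host)
        if expected is None:
            rejected.append((host, keytype, "no pinned fingerprint"))
        elif fingerprint(key) != expected:
            rejected.append((host, keytype, "fingerprint mismatch"))
        else:
            merged[(host, keytype)] = key
    return merged, rejected


def render_known_hosts(entries):
    """Serialize entries back into known_hosts lines, sorted for stable diffs."""
    return "".join(f"{h} {t} {k}\n" for (h, t), k in sorted(entries.items()))


def run_example():
    """Apply the rescan to the old file; returns (merged, rejected)."""
    existing = parse_keyscan(OLD_KNOWN_HOSTS)
    scanned = parse_keyscan(NEW_SCAN)
    return merge_known_hosts(existing, scanned, PINNED)


if __name__ == "__main__":
    merged, rejected = run_example()
    print(render_known_hosts(merged))
    for host, keytype, reason in rejected:
        print(f"rejected {host} ({keytype}): {reason}")
```

The check against a pinned fingerprint is the part the quoted scheme leaves implicit: after a reinstall the rescanned key legitimately differs from the old one, and on the wire that looks exactly like a different machine answering to the same name, so a scan alone cannot tell the two apart. Recording the fingerprint when the machine is installed, which is the step the subject line is about, gives the rebuild something to compare against before the new key is pushed to every other host.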