[CentOS-virt] server host keys for kvm clones
Karanbir Singh
mail-lists at karan.org
Thu Jan 5 15:09:23 UTC 2012
- Previous message: [CentOS-virt] server host keys for kvm clones
- Next message: [CentOS-virt] server host keys for kvm clones
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 01/04/2012 08:14 PM, Ed Heron wrote:
> Is there a process for pre-generating keys so these keys
> and .ssh/known_hosts can be pre-filled for all users/hosts?

Yes, there is. Look at the sshd initscript, and poke the do_*_keygen functions; they will tell you exactly what happens when those keys are auto-built on first boot, or when someone removes them.

I use config-management tools in the kickstart %post to drop in pre-built keys; that also means my management infrastructure already knows what key-signature to expect on a remote machine when it boots for the first time, and I can do some level of trust management based on that.

Keep in mind that you need to have your provisioning happen in a fairly secure environment itself, if you are going to add trust points on signatures like this - especially if they are 'generated' on demand.

-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
ICQ: 2522219 | Yahoo IM: z00dax | Gtalk: z00dax
GnuPG Key : http://www.karan.org/publickey.asc
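One way to do the pre-generation described in the message above, as an added example that is not part of the original post and not the poster's own tooling: build one key set per guest on the provisioning host and derive a known_hosts file from the public halves. The key store layout, the host names and the key types (rsa, ed25519) are assumptions.

```shell
#!/bin/sh
# Added example: pre-generate SSH host keys per guest on the provisioning host.
# Assumed layout: OUTDIR/<host>/ssh_host_<type>_key{,.pub} and OUTDIR/known_hosts.

KEY_TYPES="${KEY_TYPES:-rsa ed25519}"   # assumed key types, override as needed

# pregen_host_keys OUTDIR HOST...
# Creates missing key pairs (existing ones are kept, so re-runs are safe) and
# rebuilds OUTDIR/known_hosts with one line per host and key type.
# The body is a subshell so the umask change does not leak into the caller.
pregen_host_keys() (
    outdir=$1; shift
    umask 077                           # key store holds private keys
    mkdir -p "$outdir" || exit 1
    : > "$outdir/known_hosts.tmp"
    for host in "$@"; do
        mkdir -p "$outdir/$host" || exit 1
        for t in $KEY_TYPES; do
            key="$outdir/$host/ssh_host_${t}_key"
            if [ ! -f "$key" ]; then
                ssh-keygen -q -t "$t" -N '' -C "root@$host" -f "$key" || exit 1
            fi
            # known_hosts format: "<host> <keytype> <base64 key>"
            awk -v h="$host" '{ print h, $1, $2 }' "$key.pub" \
                >> "$outdir/known_hosts.tmp"
        done
    done
    mv "$outdir/known_hosts.tmp" "$outdir/known_hosts"
)

# host_fingerprint OUTDIR HOST TYPE
# Prints the fingerprint the management side should expect on first contact.
host_fingerprint() {
    ssh-keygen -l -f "$1/$2/ssh_host_${3}_key.pub" | awk '{ print $2 }'
}

# Stand-alone use: ./pregen.sh /path/to/keystore guest1 guest2
if [ "$#" -ge 2 ]; then
    pregen_host_keys "$@"
fi
```

Each guest's files are then dropped into /etc/ssh from the kickstart %post, and OUTDIR/known_hosts is distributed to clients. The key store contains every guest's private host key, so it needs the same protection as the provisioning environment itself.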