On 3/4/2010 10:58 AM, Tim Nelson wrote: >> >> What's the problem with key-based ssh directly as root? >> > > Not a thing, except I'd have to login and update that many systems before I'm able to get any real work done. Maybe I'll use the presented expect scripting (very similar to my test run) to get the appropriate keys installed, then proceed using puppet et all for the rest... > If you have the ssh-copy-id program that uses a one-time password based command execution to install the remote key, you could probably run it with expect. Personally I think it is better to include the key in all new installs that need central control instead of having the passwords all the same. -- Les Mikesell lesmikesell at gmail.com