0

Possible Duplicate:
A system for distributing SSH public keys

Suppose that I have four servers (SA, SB, SC, and SD). I want to give user X access to SA and SB. I can do it easily with ssh-keygen -t rsa and then give X the id_rsa file. Now if I change my mind and want to give him access to SC and drop his access on SB, I can do it manually.
Now the question: What if I have 100 servers and 20 system admins? It would be a very sophisticated process to handle it in such a way. Is there a tool that can help me in managing access to servers more easily?

Alaa Alomari

4 Answers

2

Generating / distributing keys is not the way to control access to individual machines. Use groups to determine who should have access to particular machines (and set up sshd to only allow the group for that machine to connect).

symcbean
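The group-based approach from the answer above, worked through for the question's four servers. This is an added example, not part of the original answer: the group names (ssh-sa and so on), the user names and the membership data are constructed assumptions. It shows that each server's sshd_config carries one static AllowGroups line, so moving X from SB to SC becomes two group-membership edits instead of a key redistribution.

```python
# Constructed sample data: hostnames come from the question; the group names
# (ssh-sa, ...) and the memberships are assumptions made for this example.
SERVER_GROUP = {"SA": "ssh-sa", "SB": "ssh-sb", "SC": "ssh-sc", "SD": "ssh-sd"}
MEMBERS = {"ssh-sa": {"x", "alice"}, "ssh-sb": {"x"}, "ssh-sc": {"alice"}, "ssh-sd": set()}


def sshd_snippet(server):
    """sshd_config line that restricts logins on `server` to its access group."""
    return f"AllowGroups {SERVER_GROUP[server]}\n"


def servers_for(user, members):
    """Servers a user can log in to, derived from group membership alone."""
    return sorted(s for s, g in SERVER_GROUP.items() if user in members.get(g, set()))


def move_access(user, grant, revoke, members):
    """Return new membership after granting/revoking servers; input is not mutated."""
    updated = {g: set(u) for g, u in members.items()}
    for server in grant:
        updated.setdefault(SERVER_GROUP[server], set()).add(user)
    for server in revoke:
        updated.setdefault(SERVER_GROUP[server], set()).discard(user)
    return updated


def membership_changes(before, after):
    """Group edits needed in the directory (or /etc/group), as (op, group, user)."""
    ops = []
    for group in sorted(set(before) | set(after)):
        old, new = before.get(group, set()), after.get(group, set())
        ops += [("add", group, u) for u in sorted(new - old)]
        ops += [("remove", group, u) for u in sorted(old - new)]
    return ops


if __name__ == "__main__":
    after = move_access("x", grant=["SC"], revoke=["SB"], members=MEMBERS)
    print(servers_for("x", MEMBERS), "->", servers_for("x", after))
    for op in membership_changes(MEMBERS, after):
        print(op)
    print(sshd_snippet("SC"), end="")
```

AllowGroups matches a user's primary or supplementary groups, so the per-server line never changes once deployed; only the group membership does.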
1

A tool like Puppet can easily do this:

http://docs.puppetlabs.com/references/latest/type.html#sshauthorizedkey

Mike
1

I know this is a rather complex approach, but in my opinion going with LDAP-based netgroups, nss_ldapd and possibly augmented by sudo-ldap is the most integrated solution. Once LDAP is in place you get Kerberos SSO virtually for free as well.

al.
0

Can an NIS server not do what you want (in conjunction with setting ssh right)? Seems to me like that'd be the easy solution. Otherwise, Puppet.

Sirex