Secure deploy of keys
Andreas Heinlein
aheinlein at gmx.com
Tue Dec 13 15:12:09 CET 2022
Hello,
I would be very interested if you find any solutions. By design, the FAI config space has to be somewhere where it is accessible without access control (anonymous NFS or whatever), and everything within it obviously has to be readable.
I guess you will need to find other solutions. As for the SSH keys, I am currently trying to publish SSH keys in DNS so clients can verify them. Haven't tested yet what happens when the client already has a (different) key in its known_hosts file, though.
Bye,
Andreas
Am 13.12.22 um 14:47 schrieb Diego Zuccato:
> Hello all.
>
> What's the recommended way to deploy (or re-deploy) security-sensitive objects (just to say one: private ssh key to avoid client warnings when redeploying a server)?
>
> TIA
More information about the linux-fai
mailing list