SSH keys management system

I'm looking to switch from a password-based system (which I'm starting to become overwhelmed with) to an SSH key-based system.

I'd like to know if there is any SSH key management system or server solution which would allow me to distribute and revoke keys across machines?

Or is the best approach to use Puppet for this task? If yes, then would the approach of a single key pair per client machine (described here: Best system for managing ssh keys?) be the best?


Solution 1:

Yes, Puppet is the right way to do this, and from that other question, Option 3 seems to be the most sensible (as well as being the accepted answer [always a good sign!]).

There's an ssh_key module for Puppet which makes the whole thing trivially easy.
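
As an added illustration (not part of the answer above, and not the ssh_key module it mentions), this manifest shows distribution and revocation with Puppet's `ssh_authorized_key` resource type, which was built in to older Puppet releases and ships in the puppetlabs-sshkeys_core module since Puppet 6. The class name, account name, key comments, source address and key material are constructed placeholders.

```puppet
# Added example: all names and key material below are placeholders.
class ssh_access {

  # purge_ssh_keys removes every entry in this user's authorized_keys file
  # that is not declared as an ssh_authorized_key resource. Keys added by
  # hand on a host are dropped on the next agent run, so the manifest
  # stays the single source of truth for who can log in.
  user { 'deploy':
    ensure         => present,
    managehome     => true,
    purge_ssh_keys => true,
  }

  # One key pair per client machine: the resource title becomes the key
  # comment, so each entry identifies the machine holding the private key.
  ssh_authorized_key { 'alice@laptop-01':
    ensure  => present,
    user    => 'deploy',
    type    => 'ssh-ed25519',
    key     => 'REPLACE_WITH_BASE64_PUBLIC_KEY',
    # Optional per-key restrictions, written to the authorized_keys line.
    options => ['no-agent-forwarding', 'from="192.0.2.10"'],
  }

  # Revocation: with purge_ssh_keys enabled, deleting a key's resource from
  # the manifest is enough. An explicit "absent" is still useful where
  # purging is off, or to record that a lost machine's key was withdrawn.
  ssh_authorized_key { 'bob@workstation-07':
    ensure => absent,
    user   => 'deploy',
  }
}
```

Revocation only takes effect on a host when its agent next applies the catalog, so the agent run interval is the upper bound on how long a withdrawn key keeps working.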

Solution 2:

SSH is nice, but when you start to scale to large numbers of keys and ACLs, it gets ugly fast.

Kerberos was designed to operate in this sort of environment (lots of ACLs, key revocation, etc.). User management with Kerberos is a pain, but if you've got a very small number of users, it is pretty easy.