SSH keys management system

ssh puppet keys

I'm looking to switch from password based (which I starting to become overwhelmed with) to SSH keys based system.

I'd like to know if there any SSH keys management system or server solution, which would allow me to distribute and revoke keys over machines?

Or the best approach is to use Puppet for this task? If yes, then would the approach of single key-pair per client machine (described here: Best system for managing ssh keys?) be the best?


Solution 1:

Yes, Puppet is the right way to do this, and from that other question, Option 3 seem to be the most sensible (as well as being the accepted answer [always a good sign!]).

There's a ssh_key module for puppet which makes the whole thing trivially easy.

Solution 2:

SSH is nice, but when you start to scale to large numbers of keys and ACLs, it gets ugly fast.

Kerberos was designed to operate in this sort of environment (lots of ACLs, key revocation, etc.) User management with kerberos is a pain, but if you've got a very small number of users, it is pretty easy.

Related

Why poll is not replaced with epoll?
MSMQ very slow to receive messages
How to monitor activity on a single table using SQL Server profiler
Can Windows 7 do software RAID 10 (1+0)
Does the Read-Only configuration of a DC apply only to Active Directory?
Virus that tries to brute force attack Active Directory users (in alphabetical order)?
What Apache/PHP configurations do you know and how good are they?
SSL peer was unable to negotiate an acceptable set of security parameters
Zone transfers on a split-view Bind DNS system
Stdout/stderr redirects in start-stop-daemon
HP access points sending out multicast packets from IPs that aren't their own
Load Balancing long running TCP connections