by lrvick
3810 days ago
I tend to store authorized ssh public keys in a database then configure all servers with the appropriate AuthorizedKeysCommand in sshd_config to fetch them on the fly. I also tend to include some form of caching in case the connection to the database is broken. With this I can maintain keys for an entire cluster centrally. This is all in place with open source configuration and tooling on https://hashbang.sh (https://github.com/hashbang). It is implemented with LDAP+sssd there. Feel free to pop in as we love discussing this stuff. We have done similar with etcd as the backing database at my employer.
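An added example (not part of the comment above and not hashbang's code) of the fetch-with-cache pattern it describes, as a helper that sshd could run through AuthorizedKeysCommand. The `fetch` callable stands in for the LDAP or etcd lookup; the cache directory, the 24-hour cache lifetime and the key-format filter are assumptions.

```python
import os
import re
import tempfile
import time

# Assumed policy, not from the comment: usernames are plain POSIX-style names,
# and only bare "type base64 [comment]" lines are accepted (lines carrying
# authorized_keys options such as command="..." are dropped).
USER_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")
KEY_RE = re.compile(
    r"^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,3}( .*)?$")


def authorized_keys(user, fetch, cache_dir, max_age=86400, now=time.time):
    """Return key lines for `user`; fall back to the cache if `fetch` raises."""
    if not USER_RE.match(user):
        return []  # refuse names that could escape cache_dir
    path = os.path.join(cache_dir, user)
    try:
        keys = [k.strip() for k in fetch(user)]
        keys = [k for k in keys if KEY_RE.match(k)]
    except Exception:
        # Backend unreachable: serve the cache only while it is fresh, so a
        # revoked key cannot stay valid forever on a partitioned host.
        try:
            if now() - os.stat(path).st_mtime > max_age:
                return []
            with open(path) as f:
                return [l.strip() for l in f if KEY_RE.match(l.strip())]
        except OSError:
            return []  # no cache yet: fail closed
    # A successful lookup, even an empty one, replaces the cache atomically.
    # mkstemp creates the temporary file with mode 0600.
    fd, tmp = tempfile.mkstemp(dir=cache_dir)
    with os.fdopen(fd, "w") as f:
        f.write("".join(k + "\n" for k in keys))
    os.replace(tmp, path)
    return keys


if __name__ == "__main__":
    # Constructed demo data; a real wrapper would print the keys for the
    # username sshd passes in (the %u token) and exit.
    demo_key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedkey00 alice@example"
    with tempfile.TemporaryDirectory() as d:
        print("\n".join(authorized_keys("alice", lambda u: [demo_key], d)))
```

The cache directory should be writable only by the account named in AuthorizedKeysCommandUser, since anyone who can write there can add keys during a backend outage.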