by lrpublic 2239 days ago
Trusting a central control server is the fundamental mistake here.

It creates a very high value target that is difficult to secure.

I prefer a model where the management commands are signed at a management workstation and those commands are pushed by the server and authenticated at the managed node against a security policy.

1 comments

What configuration management tools use this methodology?
A couple that I’ve built - they are not commercially available.

I’d consider open sourcing something based on them if there’s sufficient interest.

Perhaps as an integration for one of the major players.
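
The model from the first comment (sign at the workstation, relay through the server, check at the node against a local policy), as an added Go sketch that is not part of the thread and not code from either commenter. Ed25519, the JSON payload, the target-node binding, the `Seq` replay counter, and every type, key and host name are assumptions made for illustration.

```go
package main
import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)
// Hypothetical types for this sketch; not any existing tool's format.
type Command struct {
	Node, Action string
	Seq          uint64 // per-signer counter, so a relayed command cannot be replayed
}
type Signer struct { // one entry in the node-local security policy
	Key     ed25519.PublicKey
	Allowed map[string]bool // actions this key may request
	last    uint64          // highest Seq accepted from this key
}
type Node struct {
	Name   string
	Policy map[string]*Signer
}
// Sign runs on the management workstation; the private key never reaches the server.
func Sign(priv ed25519.PrivateKey, c Command) (payload, sig []byte) {
	payload, _ = json.Marshal(c)
	return payload, ed25519.Sign(priv, payload)
}
// Accept runs on the managed node and treats the relaying server as untrusted.
// The signature is checked before the payload is parsed.
func (n *Node) Accept(keyID string, payload, sig []byte) error {
	var c Command
	s, ok := n.Policy[keyID]
	switch {
	case !ok || !ed25519.Verify(s.Key, payload, sig):
		return fmt.Errorf("unknown signer or bad signature")
	case json.Unmarshal(payload, &c) != nil || c.Node != n.Name || !s.Allowed[c.Action]:
		return fmt.Errorf("command not permitted by node policy")
	case c.Seq <= s.last:
		return fmt.Errorf("replayed or stale command")
	}
	s.last = c.Seq
	return nil
}
// Demo (constructed key and names) returns the node's verdict for: a command relayed
// intact, a payload swapped by the server, an action outside policy, and a replay.
func Demo() [4]error {
	pub, priv, _ := ed25519.GenerateKey(nil)
	n := Node{"web1", map[string]*Signer{"ops": {Key: pub, Allowed: map[string]bool{"restart": true}}}}
	p1, s1 := Sign(priv, Command{"web1", "restart", 1})
	p2, s2 := Sign(priv, Command{"web1", "wipe", 2})
	return [4]error{n.Accept("ops", p1, s1), n.Accept("ops", p2, s1), n.Accept("ops", p2, s2), n.Accept("ops", p1, s1)}
}
func main() { fmt.Println(Demo()) }
```

In this arrangement the server holds no signing key, so compromising it allows dropping or delaying commands but not issuing new ones; the node-local policy bounds what a stolen workstation key can do.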