[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TrustKeysFrom .. a host netgroup?
From: |
Marion Hakanson |
Subject: |
Re: TrustKeysFrom .. a host netgroup? |
Date: |
Mon, 13 Jan 2003 17:10:30 -0800 |
Folks,
The approach I've taken for adding new hosts is to use "cfrun" on
the globally-trusted policy server to contact the new host (once
cfservd is running on it). If you run cfrun interactively, it
will prompt you, asking you if you want to trust this new host.
If you say "yes", it will accept and save that new machine's host
key for future reference.
This way you can more-or-less permanently trust just the policy
host (better, include a backup policy host) in your config files,
and not have to mess around with adding & subtracting trust on the fly.
You can manually delete obsolete hosts' keys from the policy host(s),
as desired.
If you add a large number of hosts, you can use "cfrun -T" and
force cfrun to trust all the new hosts encountered during that
single cfrun invocation.
For what that's worth....
Regards,
--
Marion Hakanson <hakanson@cse.ogi.edu>
CSE Computing Facilities