Diffstat (limited to 'src/linux:updating_ssh_keys_across_an_environment.adoc')
-rw-r--r-- src/linux:updating_ssh_keys_across_an_environment.adoc | 53
1 files changed, 53 insertions, 0 deletions
diff --git a/src/linux:updating_ssh_keys_across_an_environment.adoc b/src/linux:updating_ssh_keys_across_an_environment.adoc
new file mode 100644
index 0000000..8f489a0
--- /dev/null
+++ b/src/linux:updating_ssh_keys_across_an_environment.adoc
@@ -0,0 +1,53 @@
+Updating SSH Keys Across an Environment
+=======================================
+:author: Aaron Ball
+:email: nullspoon@iohq.net
+:revdate: February 15, 2016
+
+
+== {doctitle}
+
+Most Linux environments with a sizeable number of servers generally use keys to
+perform tasks from simple manual administration to gathering manifests, backing
+up config files across an environment, and really any kind of automation. This
+is because automation is effectively useless if you have to type a password
+repeatedly to use it.
+
+I recognize that statement isn't entirely true with the increase in popularity
+of the various configuration management tools such as Puppet, Ansible, Chef,
+SaltStack, etc. However, even with those tools (excepting ansible, since it
+requires ssh keys to function as well) there are certain edge cases where
+programatic login is still useful to have an ssh key configured.
+
+That said, if a key is installed to several servers in an environment, like
+with passwords, it is prudent to cycle this key (or keys) frequently to prevent
+potential breaches in security that involve the login keys. To make this
+process a bit easier, I wrote link:src/nullspoon/keymanage.git[a script] that
+handles the process of key swapping.
+
+With the keymanage script, you can execute the following operation on a list of
+servers...
+
+* push a new key, being prompted for a password (it caches, so you will only be
+ prompted once)
+
+* push a new key, using another key for passwordless login
+
+* delete a remote key, again being prompted for a password, or using an ssh key
+ to do passwordless logins
+
+* Swap a remote key with a different key. Note that this operation is seamless
+ in that it uses the key to be removed for initial login, then the new key to
+ remove the old key.
+
+
+I hope this script is useful to folks out there. If you have any questions,
+comments, or improvements you'd like to make, send me an email and/or pull
+request at {email}.
+
+
+Category:Linux
+
+[role="datelastedit"]
+Last edited: {revdate}
+// vim: set syntax=asciidoc:
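Review bot: The operations list (push, delete, swap) gives no invocation for any of the four operations, and the first item says the password "caches" without stating where it is held or for how long, which readers need to know before running this against a list of servers. Suggest adding one example command line per operation and a sentence on the cache's scope, plus a note on what the swap does if login with the new key fails, since the text only says the new key is used "to remove the old key". Smaller points in the same file: "programatic" should be "programmatic", "ansible" is lowercase while the other tool names are capitalized, "cycle this key (or keys) frequently" would be more useful with a suggested interval or trigger, and the title appears twice (the underlined title line and `== {doctitle}`).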
