Operating System - HP-UX

Re: Centralize ssh keys - is Radius server the answer?

 
SOLVED
TwoProc
Honored Contributor

Centralize ssh keys - is Radius server the answer?

Hi all,

I want to centralize my ssh keys, so that I don't have so much work to do to keep up with the user key administration. Is a Radius server the answer? Recommendations of which one and where to get?

Many thanks in advance.
We are the people our parents warned us about --Jimmy Buffett
Steven E. Protter
Exalted Contributor
Solution

Re: Centralize ssh keys - is Radius server the answer?

Shalom TwoProc,

I find it sufficient to have a central "master" server and distribute its ssh keys to all other servers, thereby permitting access.

This can be maintained by a simple script.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
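
An added example, not part of the thread and not written by any poster: one way a "simple script" of the kind mentioned above could install or revoke a public key on a target account. It assumes OpenSSH's `authorized_keys` format; the function names and paths are hypothetical, and how the key file reaches each server is left to the site's own transport.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and paths are hypothetical.

# True if $1 looks like one OpenSSH public key line (never a private key).
is_pubkey_line() {
    case "$1" in
        ssh-rsa\ AAAA*|ssh-ed25519\ AAAA*|ecdsa-sha2-nistp*\ AAAA*) return 0 ;;
        *) return 1 ;;
    esac
}

# install_pubkey PUBKEY_FILE HOME_DIR
# Adds the key to HOME_DIR/.ssh/authorized_keys once, with the modes that
# sshd's StrictModes check accepts. Safe to re-run on every distribution pass.
install_pubkey() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    key=$(head -n 1 "$1")
    is_pubkey_line "$key" || { echo "$1: not a public key" >&2; return 3; }
    auth="$2/.ssh/authorized_keys"
    mkdir -p "$2/.ssh" && chmod 700 "$2/.ssh" || return 4
    touch "$auth" && chmod 600 "$auth" || return 4
    # -F fixed string, -x whole line: append only when the key is absent
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
}

# remove_pubkey PUBKEY_FILE HOME_DIR
# Revokes exactly that key line and leaves every other entry in place.
remove_pubkey() {
    key=$(head -n 1 "$1")
    is_pubkey_line "$key" || { echo "$1: not a public key" >&2; return 3; }
    auth="$2/.ssh/authorized_keys"
    [ -f "$auth" ] || return 0
    tmp="$auth.tmp.$$"
    # grep exits 1 when no lines remain; only a status above 1 is an error
    grep -vxF "$key" "$auth" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 4; }
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}
```

Rejecting anything that is not a public key line guards against the common mistake of pushing the private half of a key pair to every server.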
TwoProc
Honored Contributor

Re: Centralize ssh keys - is Radius server the answer?

Steven,

Thanks for your reply. I'm looking for a better solution b/c your solution would require me to slosh keys around server to server using a root login - which I'm supposed to try and get away from.

Would a radius server be a possible good answer?
We are the people our parents warned us about --Jimmy Buffett
TwoProc
Honored Contributor

Re: Centralize ssh keys - is Radius server the answer?

Bummp
We are the people our parents warned us about --Jimmy Buffett
Matti_Kurkela
Honored Contributor

Re: Centralize ssh keys - is Radius server the answer?

We would need to know more about the question. So what exactly is giving you so much work?

Is password authentication disabled in your environment? Any other special restrictions? (If the users can use passwords and don't have any special restrictions on their accounts, they generally can set up their keys on their own.)

You obviously have some X number of machines, and your users might be ssh'ing into them and/or between them in some combinations, right? Is it any-to-any or something more limited?
Are your users smart enough to use an SSH agent? Could you (as regards security requirements) allow the use of SSH agent forwarding in between your hosts?

Are your users SSHing in from a) machines you control, b) machines centrally controlled by someone else (e.g. domain-connected Windows PCs), c) some non-centrally maintained environment?

You obviously don't have centralized user home directories (on NFS or otherwise), else your problem would tend to solve itself.

MK