Ask Your Question
0

best practice to manage private ssh keys

asked 2016-03-17 04:55:33 -0500

teleivo gravatar image

Dear all!

I am wondering how I should manage my private keys of hosts/users.

My setup: Infra is managed using puppet control repo with roles/profiles and r10k. I have a puppet master + puppetdb, foreman as dns, dhcp, pxe and external node classifier. I use https://github.com/ghoneycutt/puppet-... to manage ssh/sshd. The hosts public keys are exported to puppet db and collected so /etc/ssh/sshknownhosts is set with all known public keys.

Now what I am missing is: Managing private ssh keys of hosts and users. So I can rsync, git clone, ... via ssh between servers.

I am thinking of: Manually creating ssh keys with ssh-keygen for users/servers, putting these files into my puppet control repo and managing these files with puppet. Setting up hiera-eyaml with gpg to encrypt these files.

Is this a sound approach? Am looking forward to hearing how you solve this :) Thanks a lot!

edit retag flag offensive close merge delete

1 answer

Sort by ยป oldest newest most voted
2

answered 2016-03-17 05:06:08 -0500

Yes, I use hiera-eyaml to manage private keys.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2016-03-17 04:55:33 -0500

Seen: 672 times

Last updated: Mar 17 '16