AuthorizedKeysCommand idea

Stephen Frost sfrost at snowman.net
Thu Jun 20 01:19:28 EST 2013


* Ben Lindstrom (mouring at eviladmin.org) wrote:
> Sounds like something that would be nicely paired with puppet, chef, or cfengine.  So
> it is managed.  

+1 ; Managing the sqlite (or whatever) file that's pushed out to the
clients using a CM system will address the 'box was down during your
push' issue because they periodically check in.

> It may be better from a security point of view to centralize that SQLite database, and use
> an existing protocol like https:// to talk to a CGI server to acquire the information.

You'd cache it though, of course..?  Otherwise...

> Then lock
> it down via IP or secret tokens or whatnot.  It removes the "my machine was down" issue
> which could leave it out of sync (at worst leave keys around that you thought were gone).

If the 'my machine was down' is the CGI server, things get annoying.
It's possible to build an HA setup to address that, but seems like
overkill to me.  Having a file that's distributed to all the hosts
through puppet works well, imv; it's certainly what we do for individual
accounts currently.  Having a single file instead of a file per user
might be an interesting idea, but what happens if the file is corrupted
or unavailable..?  Seems worse than simply having an actual
authorized_keys file for each user, at least then you're limiting the
hurt to one account.

	Thanks,

		Stephen
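
Added example, not part of the original message or of OpenSSH: a sketch of the kind of AuthorizedKeysCommand helper the thread discusses, with a central lookup, a per-user cache for when the server is unreachable, and an age limit so removed keys do not linger. The `fetch` callable, the cache path and the one-hour limit are assumptions.

```python
#!/usr/bin/env python3
"""AuthorizedKeysCommand helper sketch: central lookup with a bounded per-user cache."""
import base64, os, re, sys, tempfile, time

MAX_CACHE_AGE = 3600  # assumption: longest a revoked key may keep working from cache
USER_RE = re.compile(r"^[a-z_][a-z0-9_-]*$")  # blocks path tricks in cache file names
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521))$")
# Constructed sample line, not a real key.
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(b"constructed-sample").decode() + " alice@example"

def valid_keys(text):
    """Return 'type base64 [comment]' lines; raise ValueError if any line is corrupt."""
    keys = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 2)
        if len(parts) < 2 or not KEY_TYPE.match(parts[0]):
            raise ValueError("malformed key line")
        base64.b64decode(parts[1], validate=True)  # binascii.Error is a ValueError
        keys.append(line)
    return keys

def lookup_keys(user, fetch, cache_dir, now=None, max_age=MAX_CACHE_AGE):
    """fetch(user) is the caller's lookup against the central store (hypothetical)."""
    now = time.time() if now is None else now
    if not USER_RE.match(user):
        return []
    cache = os.path.join(cache_dir, user)
    try:
        keys = valid_keys(fetch(user))
        fd, tmp = tempfile.mkstemp(dir=cache_dir)  # write then rename: no torn cache
        with os.fdopen(fd, "w") as f:
            f.write("\n".join(keys) + "\n")
        os.replace(tmp, cache)
        return keys
    except (OSError, ValueError):
        pass  # server down or bad response: try this user's cache
    try:
        if now - os.stat(cache).st_mtime > max_age:
            return []  # too stale: fail closed rather than honour old keys
        with open(cache) as f:
            return valid_keys(f.read())
    except (OSError, ValueError):
        return []  # missing or corrupt cache affects this one account only

if __name__ == "__main__" and len(sys.argv) == 2:
    def no_server(user):  # stand-in; a deployment would do the HTTPS request here
        raise OSError("no key server configured")
    # "/var/cache/sshkeys" is a hypothetical cache directory.
    sys.stdout.write("".join(k + "\n" for k in lookup_keys(sys.argv[1], no_server, "/var/cache/sshkeys")))
```

Returning no keys makes sshd fall through to its other configured key sources, so a dead server plus an expired cache denies this path instead of honouring old keys.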