[SAC] Question about switching to SSH key based logins
tech_dev at wildintellect.com
Tue May 29 15:55:48 PDT 2018
Apologies for not the making the last meeting. Just going over the notes.
For "TODO: All people with shell access should change their passwords
and only log in with ssh key."
Is there a recommended method by which we plan to install people's keys?
How does this help if people still need to use passwords to elevate to
sudo and that hit's LDAP? I do realize it does at least remove sending
passwords for logins.
I think we found deploying keys via LDAP to be a dead end. The only
other method I've used is Puppet, where the public keys are kept in a
repo and configured to deploy to particular machines.
Any other ideas?
More information about the Sac