[SAC] [sac/ansible-deployment] Install SAC members public SSH keys on LXD hosts in ~tech_dev/.ssh/authorized_keys (#5)

Sandro Santilli strk at kbt.io
Thu Dec 31 07:06:51 PST 2020


On Thu, Dec 31, 2020 at 06:51:51AM -0800, Markus Neteler wrote:
> > 
> > I took a look and the sets of keys on the 3 different LXD hosts (osgeo3,
> > osgeo4, osgeo7) are different. Shall we have per-host set of keys or does
> > it make sense to have a single set for all?
> 
> Perhaps a single set for all is a bit of a security risk (say, it increases the attack surface). If per-host set of keys management isn’t too complicated I’d favor that. Just my 0.02 cents.

It's not properly _all_ hosts, just the bare metal machines.
All service hosts are already or are going to be LXD containers,
and will use the "shell" LDAP group and the pubkeys installed there
autonomously by each user.

I've deployed the single full set now to osgeo4 and osgeo7.

--strk;

