
SSHKeyDistribut0r: A tool to make SSH key distribution easier for sysop teams - tamier
https://github.com/Fachschaft07/SSHKeyDistribut0r
======
thesnider
Instead of doing something like this, it's often actually simpler and easier
to manage if you use the built-in ssh certificate feature. Check out
[https://www.digitalocean.com/community/tutorials/how-to-
crea...](https://www.digitalocean.com/community/tutorials/how-to-create-an-
ssh-ca-to-validate-hosts-and-clients-with-ubuntu) for an example of how to do
that.

Now, no one has to remember to push the keys whenever something changes, _and_
you no longer get spurious host key messages.

~~~
tamier
Sounds interesting, I will take a look. Thanks :)

------
jamescun
If you are managing enough servers to justify automating the deployment SSH
keys, you probably also have configuration management.

Why would you use this rather than your existing configuration management
system? The latter reuses existing infrastructure and is naturally more
concurrent and scalable.

I get this is a push mechanism and configuration management is generally pull-
based, alternatively tools like Ansible exist which can perform the same task
and then some.

~~~
tamier
Since we are the sysop team of a students council with very fluctuating
members, we have to keep our whole infrastructure as simple as possible. That
means: Very simple virtual machines with very few software packages on it,
very detailed documentation and so on. The problem is that students are
joining our team partly with very little knowledge. Configuration management
would mean another system to figure out for every member.

~~~
102030485868
As opposed to every new member having to figure out this new project?

Documentation is your best bet. It would be better to teach students about
things that are currently being used instead of making up your own solutions.

Though, there is a lot to gain from rolling your own solutions, so: ¯\\_(ツ)_/¯

