Need some feedback. Since I've been playing with/working on
ansible(http://ansible.github.com) it has raised some questions as to
what we will allow/not allow for setting up hosts.
Here's what I'd like to do:
1. allow lockbox01-only and ssh-key-only access, as root, via ssh to
our systems. This would be an ssh key only on lockbox and owned by root
(or possibly by sysadmin-main or other localgroup - like the private
2. have the root authorized_keys be available from
infrastructure.fedoraproject.org via http (restricted to the hosts we
allow, of course)
3. setup our kickstart %post to suck down these keys.
This will enable me to streamline our installation process
considerably. Right now there are a number of manual steps in our
reinstall process. These manual steps are.... errorprone. I'd like to
Right now we expose access to our systems via func - which is a daemon
running as root which auth's using the puppet ssl cert/keys from
lockbox01. The change to allowing ssh-in as root is not a considerably
larger attack surface. The only exception is that ssh is available to
various places for some of our systems, while func's ports are not.
I'd like to hear some thoughts on making this change. If no one objects
then I'll make this happen.
infrastructure mailing list