On 10 April 2012 15:48, Tristan Santore
On 10/04/12 22:11, seth vidal wrote:
I must say, ansible does look interesting. Just the whole sshd thing
kinda is a put off. But I will look into this a bit more the next days.
But it does most certainly sound like a good effort (the start of).
And Michael is once again involved in a very interesting project, that
should turn out to be very useful indeed.
Coming from the old school.. I had this initial reaction.. I am
letting a root login from a system on the internet.. but then I
realized that in reality this does not seem any less secure than the
puppet or similar setups. If the ssh key is "gotten" it is no less a
problem than if the puppet ssl keys are gotten, and possibly less
likely to be auditable.
I think in this case a look at why you feel uncomfortable needs to be
written out a bit more to make sure if it is a "well we didn't think
of that scenario" or a "well for 10+ years I have made sure ssh wasn't
root loggable or autopassworded in and this makes me feel icky." type
Thanks for bringing this to our attention.
Tristan Santore BSc MBCS
Network and Infrastructure Operations
Former Thawte Notary
(Please note: Thawte has closed its WoT programme down,
and I am therefore no longer able to accredit trust)
For Fedora related issues, please email me at:
infrastructure mailing list
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me." —James Stewart as Elwood P. Dowd