jamesrwhite / minicron

🕰️ Monitor your cron jobs
GNU General Public License v3.0
2.34k stars 154 forks

Shared ssh key pairs between multiple servers #105

Closed jamesrwhite closed 7 years ago

jamesrwhite commented 10 years ago

As mentioned in #104

surjikal commented 10 years ago

What's the benefit of having multiple key pairs?

I'm not really an expert, but I don't think it helps with security because if the server that hosts minicron gets compromised, then the assailant would have access to all the private keys anyway.

mumblez commented 10 years ago

It helps if we already have tools that manage other systems, e.g. rundeck, ansible, fabric, saltstack, chef, puppet etc. In the case that we already manage other servers with an ssh key it would be a lot cleaner to re-utilise the key. One nice feature to have would be to be able to take advantage of saltstack, rundeck or any other configuration management tool to manage crontabs.

surjikal commented 10 years ago

@mumblez

I was asking about the benefits of having multiple key pairs. I think having just one key pair is a good idea.

jamesrwhite commented 10 years ago

I agree with all of the above :) The only reason I implemented it in a way that creates a keypair per host is that at the time I thought it would be easier from a development perspective and a bit more flexible. I'm going to have a think about the best way to support both.

mumblez commented 10 years ago

@surjikal apologies, for some reason I read it to mean assigning other keys to be a bad thing. You're right, one key pair or a way to configure a key pair for all or a group of servers would be beneficial.

@jamesrwhite I'm glad you're looking into this. I think some connection type layer to choose how to connect would be great (e.g. via ssh key and maybe in future call other apis or, if on the same system as the configuration management master, a command (e.g. in the example of saltstack we could do: salt 'server_name' cmd.run "command or script to run"))

jamesrwhite commented 7 years ago

I'm planning to remove this feature as part of the first major version; as such, I'm closing this issue.