Curious how folk manage this.

Most of the time life has been simple enough that I can manage it by the "Simon knows if the server was just reinstalled because Simon just reinstalled it" approach. It relies on fallible humans, and it doesn't scale, and frankly wasn't THAT secure, but then it didn't have to be.

I know they can go in the DNS (although the DNS then ought to be cryptographically secured (probably not a problem - GoDaddy do it for a few dollars a month but not sure I'd want to use them for work stuff, but solutions exist here which are cheap and easy to do)). No sniggering about .GOV at the back.

But what is the preferred method for the more paranoid amongst you?

My primary goal is to make a new key message, or a mismatching key message, rare enough that people will have time to stop and think when they see one, rather than just adding it, or removing a stale entry (you all know what I mean, even if you don't do it).

It isn't a high priority - so solutions have to be lightweight and not demand much of the users of ssh (hence the DNS being interesting).

Simon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
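
The DNS option raised in the post is the SSHFP record type. The following is an added example, not part of the original message: it derives the SSHFP record (SHA-256 fingerprint) from a host public key line and checks an offered key against a published record. The hostname and key bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

# SSHFP algorithm numbers (RFC 4255, RFC 6594, RFC 7479)
ALGO = {"ssh-rsa": 1, "ssh-dss": 2, "ecdsa-sha2-nistp256": 3,
        "ecdsa-sha2-nistp384": 3, "ecdsa-sha2-nistp521": 3, "ssh-ed25519": 4}
FP_SHA256 = 2  # fingerprint type 2 = SHA-256 (RFC 6594)

def parse_pubkey(line):
    """Return (key_type, blob) from one line of an ssh_host_*_key.pub file."""
    key_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or mislabelled, so refuse to fingerprint it.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode("ascii", "replace") != key_type:
        raise ValueError("key type does not match key blob")
    if key_type not in ALGO:
        raise ValueError("no SSHFP algorithm number for " + key_type)
    return key_type, blob

def sshfp_record(hostname, line):
    """Zone-file line to publish for this host key."""
    key_type, blob = parse_pubkey(line)
    digest = hashlib.sha256(blob).hexdigest()
    return f"{hostname}. IN SSHFP {ALGO[key_type]} {FP_SHA256} {digest}"

def key_matches_record(line, record):
    """True if the offered host key is the one published in the SSHFP record."""
    key_type, blob = parse_pubkey(line)
    algo, fp_type, digest = record.split()[-3:]
    if int(algo) != ALGO[key_type] or int(fp_type) != FP_SHA256:
        return False
    return hmac.compare_digest(hashlib.sha256(blob).hexdigest(), digest.lower())

def constructed_ed25519_line(raw32):
    """Build a well-formed public key line from 32 constructed bytes (sample data)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " root@example"

if __name__ == "__main__":
    line = constructed_ed25519_line(bytes(range(32)))
    print(sshfp_record("server.example.org", line))
```

OpenSSH's `ssh-keygen -r` prints records in this form, and the client consults them when `VerifyHostKeyDNS` is set. A matching record is only accepted without a prompt when the DNS answer is DNSSEC-validated, which is the "cryptographically secured" requirement noted in the post.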