experiences with openssh automation

Mike Kallies mgjk-cpI+UMyWUv9BDgjK7y7TUQ at public.gmane.org
Tue Aug 9 20:41:15 UTC 2005


On Tue, August 9, 2005 9:10 am, interlug-list said:
> On Mon, 2005-08-08 at 18:32, Mike Kallies wrote:
>> Hello Everyone,
>>
>> I've been doing some work with OpenSSH for automation with Linux Redhat,
>> and it seems time and time again I encounter problems where OpenSSH does
>> not allow for graceful failure.
>
> Have you considered cfengine?

First time I heard of it.  Thanks for the link, it's something to consider
long term if OpenSSH continues to show problems.

I don't think some of the things they say about ssh are correct though:

"Cfengine does not use ssh. The ssh protocol is not directly appropriate
for a system management tool, because it provides only unilateral
authentication of user to server. Cfengine authenticates these parties
mutually, i.e. user to server, and server to user. Moreover, ssh requires
a user to manually accept a key on trust, when the public keys are unknown
to the parties, whereas cfengine works non-interactively. SSh uses the
notion of binding to a trusted port, to confirm privileged user identity.
Cfengine does not make this assumption."

http://www.cfengine.org/confdir/copyv2.html

-Mike

