Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Best practices inquiry: tracking SSH host keys

  • From: Christopher L. Morrow
  • Date: Thu Jun 29 15:45:10 2006

On Thu, 29 Jun 2006, David W. Hankins wrote:

> On Wed, Jun 28, 2006 at 06:07:33PM -0700, Allen Parker wrote:
> > Why not, on a regular basis, use ssh-keyscan and diff or something
> > similar, to scan your range of hosts that DO have ssh on them (maybe
--snip-200-words-or-less---
>
> _wow_.
>
> That's a massive "why not just" paragraph.  I can only imagine how
> long a paragraph you'd write for finding and removing ex-employee's
> public keys from all your systems.
>
>
> So, here's my "why not just":
>
> 	Why not just use Kerberos?
>

apparently kerberos scares people... I'm not sure I 'get' that, but :( A
corp security group once for a long time 'didnt believe in kerberos',
some people 'get it' some don't :(




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.