North American Network Operators Group

Re: Best practices inquiry: tracking SSH host keys
On Thu, 29 Jun 2006, David W. Hankins wrote:

> On Wed, Jun 28, 2006 at 06:07:33PM -0700, Allen Parker wrote:
> > Why not, on a regular basis, use ssh-keyscan and diff or something
> > similar, to scan your range of hosts that DO have ssh on them (maybe

--snip-200-words-or-less---

>
> _wow_.
>
> That's a massive "why not just" paragraph.  I can only imagine how
> long a paragraph you'd write for finding and removing ex-employee's
> public keys from all your systems.
>
>
> So, here's my "why not just":
>
> Why not just use Kerberos?
>

apparently kerberos scares people... I'm not sure I 'get' that, but :( A
corp security group once for a long time 'didn't believe in kerberos',
some people 'get it', some don't :(
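The "ssh-keyscan and diff" approach quoted at the top of this message, sketched as an added example that is not code from any poster in the thread. The function names, file layout and key type selection are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare a fresh ssh-keyscan capture against a trusted
# baseline. Both files use ssh-keyscan's output format, one key per line:
#   host keytype base64key

# hostkey_diff BASELINE CURRENT
# Prints one line per difference, sorted:
#   CHANGED host keytype   key differs from the baseline
#   NEW     host keytype   key present now but not in the baseline
#   MISSING host keytype   key in the baseline but absent from the scan
hostkey_diff() {
    awk '
        /^#/ || NF < 3 { next }          # skip banner comments and blanks
        src == "base"  { base[$1 " " $2] = $3; next }
        {
            k = $1 " " $2
            seen[k] = 1
            if (!(k in base))       print "NEW " k
            else if (base[k] != $3) print "CHANGED " k
        }
        END {
            for (k in base) if (!(k in seen)) print "MISSING " k
        }
    ' src=base "$1" src=cur "$2" | LC_ALL=C sort
}

# hostkey_check HOSTLIST BASELINE
# Scans every host named in HOSTLIST (one per line) and reports differences.
# Returns 0 when nothing changed and 1 otherwise, so a cron job can alert.
# A host that is down or filtered shows up as MISSING, not as an error.
hostkey_check() {
    scan=$(mktemp) || return 2
    ssh-keyscan -T 5 -t ed25519,rsa -f "$1" > "$scan" 2>/dev/null
    report=$(hostkey_diff "$2" "$scan")
    rm -f "$scan"
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}
```

ssh-keyscan does not authenticate what it collects, so the baseline has to be gathered over a path that is already trusted (console, configuration management) and a CHANGED line is a prompt to verify out of band, not proof of either a rebuild or an interception.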