Wednesday, 25 February 2015

Solution for private keys on a remote machine?


I have to manage several servers, with services that can be cron and integration jobs, deployments, and backups. The common thing with all of these is that they sometimes require access to other servers.


Problem: I don't want to spread my private key to all of these servers for obvious reasons.


I love agent forwarding and keychain.sh, but this requires me to keep a connection open all the time to those servers.


A solution to this could be putting a private key on just one server, and then keeping connections open to all remote servers (with tmux/screen). But this is not ideal.


Another solution might be putting a very strong pass phrase on the private key and actually distributing it across these servers, but that is also not ideal.


Are there any other options I am overlooking?


