3 Oct 2006 02:53
Re: Distributing private key information at install time
Wesley Craig <wes <at> umich.edu>
2006-10-03 00:53:44 GMT
2006-10-03 00:53:44 GMT
On 02 Oct 2006, at 12:07, Willemse, Menno wrote: > This always gets me thinking: Is there a cryptographically sound > way to restore the key information to the client from a file on the > install server? We give admins boot CDs which contain an individualized key which expires. The admin can burn this CD with a short expiration many times, if they happen to be installing a large number of machines. Typically they carry a CD with a longer term key with them, for troubleshooting. The key on the CD identifies the admin to the centralized server(s), so they are allowed to retrieve the ssh key files (among other things) that they're responsible for. Down side of the system is that CDs might be stolen. :wes
RSS Feed