Hi,

I need to copy user SSH authorized_keys files to servers, as
openssh-lpk has annoyed my organization for the last time. So we're
using an /etc/ssh/users directory that contains all necessary user
SSH.

The catch is, we don't want all of the keys on all of the
machines. For example, the billing team needs their keys only on the
billing servers. There's about a dozen different mixes of keys right
now, but I know my coworkers and there will be more, plus exceptions
and exclusions and who knows what.

My current plan is "write a playbook with a bunch of copy statements,
and run a script to remove unrecognized/unwanted keys." But it seems
that there's probably a more elegant way to do this.

Any suggestions on better ways to approach this?

There's always rsync, but maintaining a separate directory for each
server group would be pretty durn annoying.

Thanks,
==ml
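
One way to handle both halves of the plan in the message above (install the wanted keys, remove the unrecognized ones) from a single group/exception policy. This is an added example, not part of the original post. It assumes a flat key directory with one file per user named after the user (for instance sshd's `AuthorizedKeysFile /etc/ssh/users/%u`); the group names, host names, and function names are hypothetical.

```python
import os
import shutil

# Constructed sample policy: which users belong to which server group.
GROUPS = {"billing": {"alice", "bob"}, "ops": {"carol"}}
# Constructed per-host spec: group membership plus exceptions and exclusions.
HOSTS = {
    "bill01": {"groups": ["billing", "ops"], "exclude": {"bob"}, "extra": {"dave"}},
    "web01": {"groups": ["ops"]},
}

def desired_users(host):
    """Union of the host's groups plus extras, minus exclusions (exclusions win)."""
    spec = HOSTS[host]
    users = set(spec.get("extra", ()))
    for group in spec["groups"]:
        users |= GROUPS[group]
    return users - set(spec.get("exclude", ()))

def _differs(source_dir, key_dir, user):
    """True when the host's copy of a key file is not byte-identical to the source."""
    with open(os.path.join(source_dir, user), "rb") as a, \
         open(os.path.join(key_dir, user), "rb") as b:
        return a.read() != b.read()

def plan(host, source_dir, key_dir):
    """Return (install, remove): files to copy in and unrecognized files to delete."""
    want = desired_users(host)
    missing = want - set(os.listdir(source_dir))
    if missing:
        # Fail closed: a policy entry with no key file is an error, not a skip.
        raise ValueError(f"no key file for: {sorted(missing)}")
    have = set(os.listdir(key_dir))
    install = sorted(u for u in want
                     if u not in have or _differs(source_dir, key_dir, u))
    return install, sorted(have - want)

def reconcile(host, source_dir, key_dir):
    """Make key_dir match the policy for this host; returns what was changed."""
    install, remove = plan(host, source_dir, key_dir)
    for user in install:
        dest = os.path.join(key_dir, user)
        shutil.copyfile(os.path.join(source_dir, user), dest)
        os.chmod(dest, 0o644)  # not writable by group or others
    for name in remove:
        os.remove(os.path.join(key_dir, name))
    return install, remove
```

Running `plan()` first gives a dry-run list of what would be installed and removed on a host before `reconcile()` touches anything.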