Global SSH client configuration, ssh_config(5), at scale
I am now wondering about what kind of use-cases are out there for pushing out a modified SSH client configuration file using orchestration software.
Any descriptions of such use cases for modifying the global client configuration, no matter how vague, will be gratefully received. Note, I am wondering only about the client ssh configuration, which would be the one normally found in /etc/ssh/ssh_config on most systems, and not for the server daemon's configuration which would be /etc/ssh/sshd_config. |
I don't know of a good reason. As far as I know the command line settings can override the user settings (~/.ssh/config) which can override the system settings (/etc/ssh/ssh_config).
|
Quote:
|
There are wonderful mass management utilities for enterprise operations such as puppet.
Also, you CAN roll your own and we did before things like puppet became finished and general. I do not recommend rolling your own, rather evaluate existing options. These will allow you to manage much more than just the ssh client, so if that is ALL you need a roll-your-own solution might be better. |
Quote:
|
I guess nothing "strange" but if you have something special, you can put it there. As far as I remember we don't take care of it at all.
|
Quote:
|
One reason for distributing a common client cfg would be if your company uses a bastion or 'jump' servers ie you do not allow direct cxns to your actual servers.
https://www.redhat.com/sysadmin/ssh-...tion-proxyjump |
All times are GMT -5. The time now is 06:27 AM. |