[clug] Distributed Administration
steve jenkin
sjenkin at canb.auug.org.au
Fri Sep 25 22:21:44 MDT 2009
Andrew Janke wrote on 25/9/09 12:23 PM:
> On Thu, Sep 24, 2009 at 20:57, Daniel Pittman <daniel at rimspace.net> wrote:
>>> - Cluster SSH (http://sourceforge.net/projects/clusterssh/) *
>> You already said you don't like this, but just to reinforce that: this is not
>> a software management solution, this is a (bad, IMO) tool for doing the same
>> thing on multiple machines.
>
> +1 'erky-poo' is the only word(s) that come to mind regarding doing
> this. There are just so many cases where this will break and cause
> more pain. The only use I can think of for this is for doing things
> like looking for a file in /tmp across all your 1000 cluster nodes.
Like the singing dog - the marvel isn't the action, but doing it at all.
<snip>
> a
I once heard of a (home grown?) tool for a group of Network Admins
managing CISCO routers on a large-business national network (120k IP
devices). Not unlike 'sudo' in providing fine-grained access control
across a large collection of devices, not just a few systems.
My recollection of its workings is vague - I remember SSH was involved,
a PERL script and maybe a web interface. Not sure how they logged
commands/output. Traceability/Audit was a prime function.
Chief security function was keeping the 'enable' passwords secret from
the Admins - the software handled logins...
Anyone know if something similar exists for Linux systems?
- SSH to central m/c. [strong proof of identity]
- no direct access to remote m/c's. [tool does SSH]
- fine-grained access control to hosts/commands/operations
- logging of changes, with implied versioning and 'undo'.
--
Steve Jenkin, Info Tech, Systems and Design Specialist.
0412 786 915 (+61 412 786 915)
PO Box 48, Kippax ACT 2615, AUSTRALIA
sjenkin at canb.auug.org.au http://members.tip.net.au/~sjenkin
More information about the linux
mailing list