SSH certs signed by your own central CA (most people aren’t aware of it, but OpenSSH can use CA certs). I usually set things up for Ansible that way, but, of course, it works just fine for actual users, too. (Why no Ansible, though? It’s an extremely lightweight option that simply reduces common mistakes.)
No Ansible, No LDAP: How to use single sign-on for app/server access across multiple servers
Submitted 3 weeks ago by poVoq@slrpnk.net to selfhosting@slrpnk.net
https://d1.hackers.moe/notes/no-ansible-no-ldap/
Comments
Arcanoloth@lemmy.ml 3 weeks ago
belated_frog_pants@beehaw.org 3 weeks ago
“Give everyone the same username and password” super fast, no need for account management
floquant@lemmy.dbzer0.com 3 weeks ago
How do y’all feel about FreeIPA? I deployed it a couple of times and I quite like it, but it’s not something you can whip up in an hour or two. The list of gotchas and “deployment considerations” all but guarantees you’ll have to reinstall the server at least a couple of times.
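The OpenSSH CA approach described in the comment at the top of this page, as an added example that is not part of the thread: a CA key signs a user's public key, and servers trust the CA instead of individual keys. The file names, the principal `deploy` and the 8-hour validity are assumptions chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example: minimal OpenSSH user-CA workflow (not from the thread).
# Paths, key ID format, principal and validity are illustrative assumptions.
set -eu

# issue_user_cert WORKDIR PRINCIPAL VALIDITY
# Creates a CA key pair and a user key pair in WORKDIR (if absent), signs the
# user public key, and prints the path of the resulting certificate.
issue_user_cert() {
    ca_dir=$1
    ca_principal=$2
    ca_validity=$3
    command -v ssh-keygen >/dev/null 2>&1 || { echo "ssh-keygen not found" >&2; return 127; }
    mkdir -p "$ca_dir"
    # 1. CA key pair. Empty passphrase only for this demo; a real CA key
    #    lives on a dedicated signing host behind a passphrase or token.
    [ -f "$ca_dir/user_ca" ] || ssh-keygen -q -t ed25519 -N '' -C 'user-ca' -f "$ca_dir/user_ca"
    # 2. The user's own key pair (normally generated on the user's machine).
    [ -f "$ca_dir/id_ed25519" ] || ssh-keygen -q -t ed25519 -N '' -C "$ca_principal" -f "$ca_dir/id_ed25519"
    # 3. Sign the public key: -I is the key ID that shows up in sshd logs,
    #    -n the login name(s) the cert is valid for, -V the validity window.
    ssh-keygen -q -s "$ca_dir/user_ca" -I "$ca_principal-$(date +%Y%m%d)" \
        -n "$ca_principal" -V "+$ca_validity" "$ca_dir/id_ed25519.pub"
    echo "$ca_dir/id_ed25519-cert.pub"
}

# cert_principals CERT
# Prints the principals embedded in a certificate, one per line, so a
# signing pipeline can verify what it is about to hand out.
cert_principals() {
    ssh-keygen -L -f "$1" |
        awk '/Principals:/ {p=1; next} /Critical Options:/ {p=0} p {print $1}'
}

# sshd_trust_snippet CA_PUB_PATH
# Prints the sshd_config line that makes a server accept any unexpired
# certificate signed by this CA whose principal matches the login name.
sshd_trust_snippet() {
    printf 'TrustedUserCAKeys %s\n' "$1"
}

# Usage (after sourcing this file):
#   cert=$(issue_user_cert ./demo-ca deploy 8h)
#   cert_principals "$cert"
#   sshd_trust_snippet /etc/ssh/user_ca.pub
```

Short validity windows do most of the work here: an expired certificate stops working without anyone having to edit `authorized_keys` on each server.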