Ssh-keys

Сбор отпечатков ключей
 ssh-keyscan -t rsa,dsa cfmaster.my.flat >> /etc/ssh/ssh_known_hosts ssh-keyscan -t rsa,dsa cfmaster        >> /etc/ssh/ssh_known_hosts ssh-keyscan -t rsa,dsa mine.my.flat    >> /etc/ssh/ssh_known_hosts ssh-keyscan -t rsa,dsa mine            >> /etc/ssh/ssh_known_hosts ssh-keyscan -t rsa,dsa yours.my.flat   >> /etc/ssh/ssh_known_hosts ssh-keyscan -t rsa,dsa yours          >> /etc/ssh/ssh_known_hosts

или ещё проще

for host in {cfmaster,mine,yours}{,.my.flat} do ssh-keyscan -t rsa,dsa $host done 

Хранение ключей
I've got several client computers (i.e. laptops, desktops, etc.), and I connect to several server machines that I manage, and I log into them all via SSH. I can imagine several schemes of managing ssh keys that would make sense, and I'm curious about what others do. Option 1: One global public/private keypair.

I would generate one public/private keypair, and put the public key on every client machine, and the public key on every server machine. Option 2: One keypair per server machine.

I would generate one keypair on each server machine, and put each private key on my client machines. Option 3: One keypair per client machine.

Each client machine would have a unique private key, and each server machine would have the public keys for every client machine that I'd like to connect from. Option 4: One keypair per client/server pair

Totally overboard?

Which of these is best? Are there other options? What criteria to you use for evaluating the right configuration?