Description
Problem Statement
For security reasons, my customer would like to rotate SSH keys periodically without bringing down their Windows nodes.
Feature description
My customer, being security-conscious, wants to rotate their SSH keys between the cluster and their Windows nodes periodically, maybe monthly or so. However, it seems that if you change the secret in the WMCO that contains the private key, the cluster would probably lose connectivity with all of the Windows nodes until they have been updated with the new public key.
Is there a mechanism where a second key could be added, so that if the first key failed, the cluster could try the second key? (Kind of like what ssh-agent does?) Then we could delete the first key after the Windows nodes have been updated.
I'm guessing that is not a feature since I didn't see it in the docs. Perhaps there is another way to accomplish the same goal?
Thanks!