Alright, I am working on a system for managing a bunch of VPSes. This includes mundane maintenance tasks as well as resource allocation.
In order to accomplish this, my control server will need to be connecting to the various servers. I regularly use SSH public/private keys, and this seems like the most logical way to connect from the control server to the slave servers.
Now, let's pretend the control server is as secure as is reasonably possible. My question is: how can I securely store the private key to the control server, and the root password (assuming direct root log-in is disabled) to the slave servers?
I feel like a hardened server is the best defense since once the server is compromised the battle is probably lost. I know that no scheme will be foolproof, but what is the best practice?