We have a growing collection of servers, both physical and virtual, which we need to log in to. Login is usually with SSH, using an RSA key pair rather than a password (which is switched off in SSH settings). Right now we're setting our passwords and uploading our keys to each machine as the time comes, but that's accident-prone. We could very easily miss a setting and end up with one of the team not able to log in, or leave password access switched on without realising it.
So we'd like to manage these credentials centrally. It should set passwords, upload public keys, ensure SSH has the right settings, and make it easy to add a new user or remove a user who has left.
I suppose a script to copy the right files into the right places would do, but it seems messy when they're scattered across the system. How would you suggest we manage such credentials? It should be the minimum work possible to implement on each machine.
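An added example, not part of the original question: a drift check for the two accidents described above (password login left on, and keys that are missing or should have been removed), comparing one host's `sshd_config` and `authorized_keys` against a central roster. The function names, the roster format and the sample data are assumptions made for this sketch.

```python
import re

# Settings the question asks for (expected values are this example's assumption).
REQUIRED = {"passwordauthentication": "no", "pubkeyauthentication": "yes"}
DEFAULTS = {"passwordauthentication": "yes", "pubkeyauthentication": "yes"}  # OpenSSH defaults

def global_sshd_options(config_text):
    """Global options only: sshd keeps the first value per keyword, and a
    Match line ends the global section (Match blocks are not evaluated)."""
    opts = {}
    for raw in config_text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip(), maxsplit=1)
        if parts[0].lower() == "match":
            break
        if len(parts) == 2:
            opts.setdefault(parts[0].lower(), parts[1].strip().strip('"'))
    return opts

def key_blobs(text):
    """Base64 key blobs from authorized_keys text; a leading options field is skipped."""
    blobs = set()
    for line in text.splitlines():
        tokens = [] if line.lstrip().startswith("#") else line.split()
        for i, tok in enumerate(tokens[:-1]):
            if tok.startswith(("ssh-", "ecdsa-", "sk-")):
                blobs.add(tokens[i + 1])
                break
    return blobs

def audit_host(sshd_config, authorized_keys, roster):
    """authorized_keys: account -> file text; roster: account -> wanted blobs."""
    findings = []
    opts = global_sshd_options(sshd_config)
    for key, want in REQUIRED.items():
        got = opts.get(key, DEFAULTS[key]).lower()
        if got != want:
            findings.append(f"sshd: {key} is {got}, expected {want}")
    for user in sorted(set(roster) | set(authorized_keys)):
        installed = key_blobs(authorized_keys.get(user, ""))
        wanted = roster.get(user, set())
        findings += [f"{user}: unexpected key {b[:12]} (remove)" for b in sorted(installed - wanted)]
        findings += [f"{user}: missing key {b[:12]} (install)" for b in sorted(wanted - installed)]
    return findings

# Constructed sample data, not from any real host.
SAMPLE_CONFIG = "# PasswordAuthentication no\npasswordauthentication yes\nPasswordAuthentication no\n"
SAMPLE_KEYS = {"alice": 'from="10.0.0.0/8" ssh-rsa AAAAalicekey alice@laptop\n',
               "bob": "ssh-rsa AAAAbobkey bob@old-laptop\n"}
SAMPLE_ROSTER = {"alice": {"AAAAalicekey"}, "carol": {"AAAAcarolkey"}}
```

`Include` files and `Match` blocks are not evaluated here; on a live host, `sshd -T` prints the effective configuration and can supply the text to check.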