
Re: Passwordless SSH setup



On Wed, Jun 02, 2004 at 01:02:08AM -0500, Will Trillich wrote:
> for passwordless SSH-ing, try this (and feel free to augment or
> correct if i overlook something)--
> 
> 	localbox$ ssh-keygen -t dsa
> 
> after some q&a (just answer with blanks, for passwordless
> connections) this creates a ~/.ssh/id_dsa.pub file that you can
> append to your remote systems' ~/.ssh/authorized_keys files:
> 
> 	localbox$ scp ~/.ssh/id_dsa.pub me@remotebox:~/.ssh/localboxKey
> 	localbox$ ssh me@remotebox
> 	<password>
> 	remotebox$ cd ~/.ssh
> 	remotebox$ cat localboxKey >> authorized_keys
> 	remotebox$ chmod 600 authorized_keys
> 	remotebox$ rm localboxKey
> 	remotebox$ logout
> 	localbox$

For password-less keys I think they should be single use only.

My original question was about doing this to a machine running SSH
Corp's version.  Unfortunately, that machine has SSH Secure Shell 3.2.3
on it -- and in that version the manual pages were not updated to
explain how to create a single use key.  I emailed their tech support
and they sent me to 

  http://www.ssh.com/documents/32/ssh2_40.html

which explains the options.

And in case anyone finds this in the archive, on SSH Secure Shell you
need to convert the keys.  So on Debian, create a keypair called "rsync"
and "rsync.pub":

   $ ssh-keygen -t dsa -f rsync

Then convert and copy to the other machine:

   $ ssh-keygen -e -f rsync.pub | ssh <remotehost> 'cat - > .ssh2/rsync.pub'

and in your .ssh/config file add something like this to use this
single-use key (needed because if you already have a key for the remote
host managed by ssh-agent then it will be used instead):

    Host rsync
        User foo
        HostName remote.host.name
        IdentitiesOnly yes
        IdentityFile ~/.ssh/rsync

which says to use only the identity (key) file(s) listed in the config
file; see ssh_config(5).

Then, on the remote host in .ssh2/authorization set the "rsync.pub" key
for running a single command:

    Key rsync.pub
    Options command="rsync --server --daemon --config=rsync.conf ."

And set up rsync.conf as explained in the rsync manual:

    [foo_dir]
        comment = Provides read-only access to foo
        path = /path/to/foo
        read only = yes
        exclude = logs
        # can't chroot since running as a regular user
        use chroot = no

Then back on the Debian machine:

    $ rsync -av --rsh="ssh rsync" ::foo_dir local_dir

or use whatever options you need when using rsync.

-- 
Bill Moseley
moseley@hank.org
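As an added example, not part of Bill's post or of either SSH vendor's documentation, the shell functions below carry the same idea (a dedicated key that can only start the rsync daemon) through to the OpenSSH server side, where the forced command goes into an authorized_keys option, and add the audit a practitioner would want afterwards: a scan of authorized_keys for keys that lack a command= restriction. The OpenSSH options, the "rsync-only" key comment, the host alias and all paths are assumptions for illustration; the public key in the demo is a constructed placeholder, not a real key.

```shell
#!/usr/bin/env bash
# Added example: build command-restricted key entries for an rsync-only SSH
# key (OpenSSH authorized_keys and SSH Secure Shell .ssh2/authorization),
# write the matching client-side ssh config stanza, and audit an
# authorized_keys file for keys without a forced command.
set -eu

# Forced command from the post: a user-level rsync daemon reading rsync.conf
# from the login user's home directory (the cwd when a forced command runs).
RSYNC_CMD='rsync --server --daemon --config=rsync.conf .'

# OpenSSH authorized_keys line: the forced command plus options that close the
# channels a shell-less key could otherwise still open (assumed option set).
restricted_authkey_line() {
    # $1: path to an OpenSSH public key file, $2: forced command
    pub=$(cut -d' ' -f1,2 "$1")   # keep key type and base64 blob, drop the comment
    printf 'command="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s rsync-only\n' "$2" "$pub"
}

# SSH Secure Shell 3.x .ssh2/authorization stanza; the key file name is
# relative to ~/.ssh2 and holds the SECSH-format key from "ssh-keygen -e".
ssh2_authorization_stanza() {
    # $1: key file name, $2: forced command
    printf 'Key %s\nOptions command="%s"\n' "$1" "$2"
}

# Client-side ~/.ssh/config stanza; IdentitiesOnly stops ssh-agent from
# offering some other key for this host before the rsync key.
ssh_config_stanza() {
    # $1: host alias, $2: user, $3: real hostname, $4: identity file
    printf 'Host %s\n    User %s\n    HostName %s\n    IdentitiesOnly yes\n    IdentityFile %s\n' \
        "$1" "$2" "$3" "$4"
}

# Audit: print "<line>: <comment>" for every authorized_keys entry whose
# option list has no command= restriction; exit 1 if any were found.
unrestricted_keys() {
    awk '
        /^[[:space:]]*(#|$)/ { next }                      # comments and blank lines
        $0 !~ /(^|,)command="/ { print NR ": " $NF; found = 1 }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Demo with a constructed placeholder key (not a real key).
demo=$(mktemp -d)
printf 'ssh-dss AAAAB3NzaC1kc3MAAAAfake== me@localbox\n' > "$demo/rsync.pub"
restricted_authkey_line "$demo/rsync.pub" "$RSYNC_CMD" | tee "$demo/authorized_keys"
ssh2_authorization_stanza rsync.pub "$RSYNC_CMD"
ssh_config_stanza rsync foo remote.host.name '~/.ssh/rsync'
unrestricted_keys "$demo/authorized_keys" && echo "all keys carry a forced command"
rm -rf "$demo"
```

The audit only checks for the presence of command=; a key whose forced command is itself a shell is still a full login, so read the commands it reports as restricted, not just the ones it flags.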