Re: Passwordless SSH setup
On Wed, Jun 02, 2004 at 01:02:08AM -0500, Will Trillich wrote:
> for passwordless SSH-ing, try this (and feel free to augment or
> correct if i overlook something)--
> localbox$ ssh-keygen -t dsa
> after some q&a (just answer with blanks, for passwordless
> connections) this creates a ~/.ssh/id_dsa.pub file that you can
> append to your remote systems' ~/.ssh/authorized_keys files:
> localbox$ scp ~/.ssh/id_dsa.pub me@remotebox:~/.ssh/localboxKey
> localbox$ ssh me@remotebox
> remotebox$ cd ~/.ssh
> remotebox$ cat localboxKey >> authorized_keys
> remotebox$ chmod 600 authorized_keys
> remotebox$ rm localboxKey
> remotebox$ logout
For password-less keys I think they should be single use only.
My original question was about doing this to a machine running SSH
Corp's version. Unfortunately, that machine has SSH Secure Shell 3.2.3
on it -- and in that version the manual pages were not updated to
explain how to create a single use key. I emailed their tech support
and they sent me to
which explains the options.
And in case anyone finds this in the archive, on SSH Secure Shell you
need to convert the keys. So on Debian, create a keypair called "rsync":
$ ssh-keygen -t dsa -f rsync
Then convert and copy to the other machine:
$ ssh-keygen -e -f rsync.pub | ssh <remotehost> 'cat - > .ssh2/rsync.pub'
and in your .ssh/config file add something like this to use this
single-use key (needed because if you already have a key for the remote
host managed by ssh-agent then it will be used instead):
which says to use only the identity (key) file(s) listed in the config file.
Then, on the remote host in .ssh/authorization set the "rsync.pub" key
for running a single command:
Options command="rsync --server --daemon --config=rsync.conf ."
And set up rsync.conf as explained in the rsync manual:
[foo_dir]
comment = Provides read-only access to foo
path = /path/to/foo
read only = yes
exclude = logs
# can't chroot since running as a regular user
use chroot = no
Then back on the Debian machine:
$ rsync -av --rsh="ssh rsync" ::foo_dir local_dir
or use whatever options you need when using rsync.
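
An added example, not part of the original message: a check that lists which passwordless keys in an OpenSSH-format authorized_keys file (the file the quoted instructions append to) are tied to a single forced command and which are not. It assumes OpenSSH's one-line "options keytype key comment" syntax, not the SSH Secure Shell authorization file; the function names, key bodies and comments in the sample are constructed.

```shell
#!/bin/sh
# sample_keys: print a constructed authorized_keys file (key bodies are placeholders).
sample_keys() {
    cat <<'EOF'
# constructed sample for the audit below
ssh-dss AAAAB3constructedA me@localbox
command="rsync --server --daemon --config=rsync.conf .",no-pty,no-port-forwarding ssh-dss AAAAB3constructedB rsync@localbox
from="192.0.2.10" ssh-rsa AAAAB3constructedC backup@localbox
EOF
}

# audit_authorized_keys FILE
# Prints "<line-no> restricted|unrestricted <comment>" for every key line.
# A key counts as restricted only if its options field contains command="...".
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        opts = ""
        # A line that does not start with a key type starts with an options field.
        if (line !~ /^(ssh-|ecdsa-|sk-)/) {
            inq = 0
            # Options end at the first whitespace outside double quotes.
            for (i = 1; i <= length(line); i++) {
                c = substr(line, i, 1)
                if (c == "\\") { i++; continue }    # skip an escaped character
                if (c == "\"") inq = !inq
                else if (!inq && (c == " " || c == "\t")) break
            }
            opts = substr(line, 1, i - 1)
            line = substr(line, i + 1); sub(/^[ \t]+/, "", line)
        }
        n = split(line, f, /[ \t]+/)
        comment = (n >= 3) ? f[3] : "(no comment)"
        state = (tolower(opts) ~ /(^|,)command="/) ? "restricted" : "unrestricted"
        print NR, state, comment
    }' "$1"
}

# Stand-alone run over the constructed sample.
tmp=$(mktemp) && sample_keys > "$tmp"
audit_authorized_keys "$tmp"
rm -f "$tmp"
```

Any key reported as unrestricted can open a full shell without a passphrase, so those are the lines to review first.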