
Re: apt-key says deprecated, but not saying what else to use



On Sunday 20 June 2021 10:21:52 Dan Ritter wrote:

> Gene Heskett wrote:
> > I'd like to plead for a new apt-key, one that would survey the
> > existing list, and on finding a key that is expired or is no longer
> > associated, offer the option of removing it, or refreshing it.
> >
> > I have up to 7 machines on my local network, usually accessed by
> > some ssh/sshfs variation, but my current keyring since I'm first
> > user, probably has 30 some keys, many of which are useless as the
> > target machine has been changed by a new machine and a new bare
> > metal install.
>
> This is ssh key management, not apt key management. apt key
> things are for trusting package repositories.

okay, but
>
> Here's what you should do:
>
> 1. create a new ssh keypair on your main machine:
>     ssh-keygen -t rsa -b 4096 -f gene2021

Done. generated /home/gene/gene2021 and /home/gene/gene2021.pub

> 2. for each $targetmachine in your 7 machines, do this:
>     - ssh $targetmachine
>     - mv ~/.ssh/authorized_keys ~/.ssh/authorized_keys_old

4 of the 6 machines have no .ssh directory in /home/gene. ssh may have 
had to be installed after the bare metal install of debian 10 using the 
linuxcnc install cd. sshfs and its deps sure had to be after the first 
reboot. I'll go bug the LinuxCNC install spinners, been meaning to do it 
for months.

Is it sufficient to create that directory, and 
touch .ssh/authorized_keys?

Also, the main machine, this one is still on stretch. With 310 gb used of 
a 2T spinning rust drive as /. I have a 500 gb samsung SSD, but haven't 
found a round-tuit cuz I'd probably wear out the SSD until I get at 
least a 1T SSD I can afford.  That's getting closer though. But it will 
not happen when I am in the middle of designing and building a new, 
smaller harmonic drive for one of my cnc machines.

>     - don't close that terminal
>     - open a new terminal and make sure you can ssh in by
>       password, then
>     - ssh-copy-id -i gene2021 $targetmachine
>     - make sure you can ssh in with the gene2021 key:
>       ssh -i gene2021 $targetmachine
>     - if it's good, close both terminals and go on to the next
>       $targetmachine
>
> 3. clean up: remove keys in ~/.ssh/ that aren't gene2021 and
>    aren't useful otherwise.
>
> Now you have one known good keypair that lets you in to all
> seven machines without a password, and you can use a password as
> fallback.
>
> -dsr-


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
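
An added example, not part of the message above: a shell sketch of preparing a missing ~/.ssh on a target machine and checking the file modes that sshd's StrictModes option inspects before it accepts a key. The function names are hypothetical, the home directory is passed as an argument so it can be tried on a scratch directory, and only modes are checked, not ownership.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# $1 is the home directory to work on, e.g. /home/gene or a scratch dir.

# Create .ssh and an empty authorized_keys with owner-only permissions.
prepare_ssh_dir() {
    home=$1
    ( umask 077
      mkdir -p "$home/.ssh" &&
      touch "$home/.ssh/authorized_keys" ) || return 1
    # umask does not tighten anything that already existed, so set modes.
    chmod 700 "$home/.ssh" && chmod 600 "$home/.ssh/authorized_keys"
}

# True if the path is writable by group or others (ls mode columns 6 and 9).
loose() {
    case $(ls -ldL "$1" | cut -c1-10) in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Print each path whose mode sshd's StrictModes check would reject.
# Returns 0 only when nothing is missing or group/world-writable.
check_ssh_perms() {
    home=$1 bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=1
        elif loose "$p"; then
            echo "group/world-writable: $p"; bad=1
        fi
    done
    return $bad
}
```

On a target machine this would be run as `prepare_ssh_dir "$HOME" && check_ssh_perms "$HOME"` before copying the new public key over.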

