[K12OSN] ssh key generation
Patrick Mohr
patmo98 at yahoo.com
Wed May 26 15:01:44 UTC 2004
Immanuel Derks wrote:
>Op di 25-05-2004, om 22:10 schreef Henry Burroughs:
>
>
>
>>(Pardon the reply formating... Evolution only copied part of the reply
>>
>>
>
>
>
>>off the digest.. so I had to copy-paste).
>>
>>
>
>
>
>
>
>
>>Immanuel,
>>
>>
>
>
>
>
>
>
>>Does your application server share (ie: via NFS) the same home directory
>>
>>
>
>
>
>>as your login/terminal server? If so, you shouldn't have to scp the
>>
>>
>
>
>
>>files to a different server. All you would have to do is:
>>
>>
>
>
>
>
>
>
>>cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keys
>>
>>
>
>
>
>That is an idea, indeed. I'll see if we can set it up like that.
>
>
>
>
>
>
>>instead of scp. You should use >> if you wish to keep any other
>>
>>
>
>
>
>>authorized keys the user has, otherwise you can use a plain "cp" or
>>
>>
>
>
>
>>change >> to > and overwrite the file. Now do you want to have this run
>>
>>
>
>
>
>>every time the user logs in, or only the first time?
>>
>>
>
>
>
>Well, that is still an open question. Anyway we'll have to automate
>
>things up till the point that 1000+ students become manageable with ssh
>
>key authentications for the app server. My guess would be to run it just
>
>for the first time, and have the keys, authorized_keys files and
>
>known_hosts file backed up in case of loss. (they can't be made ro or
>
>root I thought because ssh is quiet strict on that).
>
>
>
>The most headache up to this point are the known_hosts files because
>
>these seem to need user intervention to create and I haven't found a way
>
>to circumvent that. Any idea's are more then welcome here.
>
>
>
>
>
>Regards Immanuel
>
>
>
>
>
>
>>Henry Burroughs
>>
>>
>
>
>
>
>
>
>>Immanuel Derks wrote:
>>
>>
>
>
>
>
>
>
>>Hi all,
>>
>>
>>I would like to know if other people who run separate application
>>
>>
>>servers over ssh have figured out an elegante solution for public key
>>
>>
>>production and distribution through a network without bothering students
>>
>>
>>with this.
>>
>>
>>It's easy to produce the keys without user intervention during login
>>
>>
>>like:
>>
>>
>>ssh-keygen -t rsa -q -f $HOME/.ssh/id_rsa -C '' -N ''
>>
>>
>>But then the public key has to copied to the appserver like
>>
>>
>>scp -l $USER $HOME/.ssh/id_rsa.pub appserver:$HOME/.ssh/id_rsa.pub
>>
>>
>>and this would need a passwd from the user, so does one need to agree
>>
>>
>>with the production of the known_hosts file on the client side.
>>
>>
>>Kind regards,
>>
>>
>>Immanuel Derks
>>
>>
I am not faminure with making a known hosts file, but you should be able
to use a login shell script somthing to this effect.
You will need to make changes, since I don't know what a known hosts
file looks like.
#!/bin/bash
if ! [ -f ~/.ssh/known_hosts ]
then cd ~/.ssh
touch known_hosts
chown $USER:$USER known_hosts
chmod 644 known_hosts
echo "localhost ssh-rsa AAAAB351gcOGYmCk=" >> known_hosts
echo "This will apear on the secound line" >> known_hosts
fi
More information about the K12OSN
mailing list