[K12OSN] ssh key generation

Patrick Mohr patmo98 at yahoo.com
Wed May 26 15:01:44 UTC 2004


Immanuel Derks wrote:

>On Tue 25-05-2004, at 22:10, Henry Burroughs wrote:
>
>>(Pardon the reply formatting... Evolution only copied part of the reply
>>off the digest.. so I had to copy-paste).
>>
>>Immanuel,
>>
>>Does your application server share (ie: via NFS) the same home directory
>>as your login/terminal server?  If so, you shouldn't have to scp the
>>files to a different server.  All you would have to do is:
>>
>>cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keys
>
>That is an idea, indeed. I'll see if we can set it up like that.
>
>>instead of scp.  You should use >> if you wish to keep any other
>>authorized keys the user has, otherwise you can use a plain "cp" or
>>change >> to > and overwrite the file.  Now do you want to have this run
>>every time the user logs in, or only the first time?
>
>Well, that is still an open question. Anyway we'll have to automate
>things up till the point that 1000+ students become manageable with ssh
>key authentications for the app server. My guess would be to run it just
>for the first time, and have the keys, authorized_keys files and
>known_hosts file backed up in case of loss. (They can't be made ro or
>root I thought because ssh is quite strict on that).
>
>The most headache up to this point are the known_hosts files because
>these seem to need user intervention to create and I haven't found a way
>to circumvent that. Any ideas are more than welcome here.
>
>Regards Immanuel
>
>>Henry Burroughs
>
>>Immanuel Derks wrote:
>
>>Hi all,
>>
>>I would like to know if other people who run separate application
>>servers over ssh have figured out an elegant solution for public key
>>production and distribution through a network without bothering students
>>with this.
>>
>>It's easy to produce the keys without user intervention during login
>>like:
>>
>>ssh-keygen -t rsa -q -f $HOME/.ssh/id_rsa -C '' -N ''
>>
>>But then the public key has to be copied to the appserver like
>>
>>scp -l $USER $HOME/.ssh/id_rsa.pub appserver:$HOME/.ssh/id_rsa.pub
>>
>>and this would need a passwd from the user, so does one need to agree
>>with the production of the known_hosts file on the client side.
>>
>>Kind regards,
>>
>>Immanuel Derks

I am not familiar with making a known hosts file, but you should be able
to use a login shell script, something to this effect.
You will need to make changes, since I don't know what a known hosts
file looks like.


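#!/bin/bash

# Create known_hosts only on first login, when the file does not exist yet.
if ! [ -f ~/.ssh/known_hosts ]
then
    # Make sure ~/.ssh exists; stop if we cannot get into it.
    mkdir -p ~/.ssh && chmod 700 ~/.ssh && cd ~/.ssh || exit 1
    touch known_hosts
    chown "$USER:$USER" known_hosts
    chmod 644 known_hosts
    # Placeholder entries: replace with the real host key line(s).
    echo "localhost ssh-rsa AAAAB351gcOGYmCk=" >> known_hosts
    echo "This will apear on the secound line" >> known_hosts
fi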
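
Added example, not part of the original thread: a first-login provisioning function for the shared-home (NFS) case discussed above. It generates the key only if missing, authorizes it locally, and pre-seeds known_hosts without duplicating entries on later logins. The function names and the host-key file argument are assumptions; that file is expected to hold known_hosts lines the admin took from the app server over a trusted channel.

```bash
#!/bin/bash
# Added example; names and the host-key file are assumptions, not from the thread.

# append_once FILE MODE LINE: set FILE's mode, add LINE unless already present.
append_once() {
    [ -e "$1" ] || : > "$1" || return 1
    chmod "$2" "$1" || return 1
    grep -qxF -- "$3" "$1" || printf '%s\n' "$3" >> "$1"
}

# provision_ssh HOME_DIR HOSTKEY_FILE
# HOSTKEY_FILE (hypothetical) holds the app server's known_hosts line(s),
# collected by the admin over a trusted channel.
provision_ssh() {
    local dir="$1/.ssh" hostkeys="$2" pub line
    # sshd is strict about ownership and modes, so set them explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1

    # Generate the key pair only on first login (same command as in the thread).
    if [ ! -f "$dir/id_rsa" ]; then
        ssh-keygen -t rsa -q -f "$dir/id_rsa" -C '' -N '' || return 1
    fi
    chmod 600 "$dir/id_rsa" || return 1

    # Shared home directory: authorizing the key is a local append, no scp.
    pub=$(cat "$dir/id_rsa.pub") || return 1
    append_once "$dir/authorized_keys" 600 "$pub" || return 1

    # Pre-seed known_hosts so the first connection needs no confirmation.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        append_once "$dir/known_hosts" 644 "$line" || return 1
    done < "$hostkeys"
}

# From a login script (path is a placeholder):
#   provision_ssh "$HOME" /path/to/appserver_known_hosts
```

Because every step checks before it writes, the function can run at every login and still behaves as "first time only".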




