Thursday, April 15, 2010

placing a pubkey on a system from another

Let us assume that you want to use pubkeys to access a system via SSH. Let us also assume that you have root (this really works for any account, but root is cool, too). Let us also assume that you want all of your friends on a box to also have root access via pubkeys. All of your friends and you have your home in /home, too. Oh, and sshd allows for pubkeys and also root login (if you're doing the whole root thing).

First thing, make sure you've generated keys on the client box. Then place your own and everyone else's pubkeys in the target user's home directory on the client. I like to use authorized_keys2 for people, and authorized_keys for robots - that's just me.

One thing that you do need is connectivity of some sort between hosts. That being said:

server is the place where the keys are coming from.
client is the place where the keys are destined.

root@client: ~# ssh-keygen -t rsa -b 2048

root@client: ~# ssh -l you server "sudo bash -c \"cat /home/*/.ssh/id_rsa.pub\"" >> /root/.ssh/authorized_keys2

or... if you wish to merely cat:

root@client: ~# ssh -l you server "sudo bash -c \"cat /home/*/.ssh/id_rsa.pub\"" >> /root/.ssh/authorized_keys2

or... on the system which you wish to cat pubkey from...

you@server: ~# cat .ssh/id_rsa.pub | ssh root@client 'cat >> .ssh/authorized_keys2'
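
The commands above append whatever arrives on stdout, so a sudo prompt, an error message or a key that is already installed all end up in the file. As an added example (not from the original post), the function below filters the stream before appending; the name add_pubkeys is hypothetical, and the format check is only syntactic (key type plus base64 blob), not a cryptographic validation.

```shell
#!/bin/sh
# Added example, not from the original post. add_pubkeys is a hypothetical helper.
# Usage with the command from the post (run on the client):
#   ssh -l you server "sudo bash -c \"cat /home/*/.ssh/id_rsa.pub\"" \
#       | add_pubkeys /root/.ssh/authorized_keys2
#
# Reads public keys on stdin and appends to FILE only lines that
#   1. look like "<type> <base64> [comment]" with no leading options, and
#   2. are not already present (compared on type + blob, ignoring comment).
# Prints the number of keys appended.
add_pubkeys() {
    target=$1
    dir=$(dirname "$target")
    umask 077
    # sshd expects the directory and file to be writable by the owner only.
    # Only point this at a dedicated .ssh directory: it is chmod'ed to 700.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$target" && chmod 600 "$target" || return 1

    # Common key types; anything else (blank lines, error text, lines that
    # start with options such as command="...") is skipped.
    pat='^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+={0,3}( .*)?$'
    added=0
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s\n' "$line" | grep -Eq "$pat" || continue
        key=$(printf '%s\n' "$line" | cut -d' ' -f1,2)
        # Look for the same "type blob" pair anywhere on an existing line,
        # so entries that carry an options prefix are still recognised.
        if ! awk -v k="$key" '
                { for (i = 1; i < NF; i++) if ($i " " $(i + 1) == k) found = 1 }
                END { exit !found }' "$target"; then
            printf '%s\n' "$line" >> "$target"
            added=$((added + 1))
        fi
    done
    echo "$added"
}
```

Running it a second time with the same input appends nothing, so it is safe to repeat when a friend is added later.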

...

VMware ESXi hosts do obey pubkeys, as long as you never ever reboot them.

root@esxi-client: ~# cd /
root@esxi-client: ~# mkdir .ssh
root@esxi-client: ~# chmod 700 .ssh

Then do the last tip above.
