On Wed, Jun 02, 2004 at 01:02:08AM -0500, Will Trillich wrote:
> for passwordless SSH-ing, try this (and feel free to augment or
> correct if i overlook something)--
>
>     localbox$ ssh-keygen -t dsa
>
> after some q&a (just answer with blanks, for passwordless
> connections) this creates a ~/.ssh/id_dsa.pub file that you can
> append to your remote systems' ~/.ssh/authorized_keys files:
>
>     localbox$ scp ~/.ssh/id_dsa.pub [EMAIL PROTECTED]:~/.ssh/localboxKey
>     localbox$ ssh [EMAIL PROTECTED]
>     <password>
>     remotebox$ cd ~/.ssh
>     remotebox$ cat localboxKey >> authorized_keys
>     remotebox$ chmod 600 authorized_keys
>     remotebox$ rm localboxKey
>     remotebox$ logout
>     localbox$
For password-less keys I think they should be single use only.

My original question was about doing this to a machine running SSH Corp's
version. Unfortunately, that machine has SSH Secure Shell 3.2.3 on it -- and
in that version the manual pages were not updated to explain how to create a
single use key. I emailed their tech support and they sent me to
http://www.ssh.com/documents/32/ssh2_40.html which explains the options.

And in case anyone finds this in the archive, on SSH Secure Shell you need to
convert the keys. So on Debian, create a keypair called "rsync" and
"rsync.pub":

    $ ssh-keygen -t dsa -f rsync

Then convert and copy to the other machine:

    $ ssh-keygen -e -f rsync.pub | ssh <remotehost> 'cat - > .ssh2/rsync.pub'

and in your .ssh/config file add something like this to use this single-use
key (needed because if you already have a key for the remote host managed by
ssh-agent then it will be used instead):

    Host rsync
        User foo
        HostName remote.host.name
        IdentitiesOnly yes
        IdentityFile ~/.ssh/rsync

which says to use only the identity (key) file(s) listed in the config file.
man ssh_config(5)

Then, on the remote host in .ssh/authorization set the "rsync.pub" key for
running a single command:

    key rsync.pub
    Options command="rsync --server --daemon --config=rsync.conf ."

And set up rsync.conf as explained in the rsync manual:

    [foo_dir]
        comment = Provides read-only access to foo
        path = /path/to/foo
        read only = yes
        exclude = logs
        # can't chroot since running as a regular user
        use chroot = no

Then back on the Debian machine:

    $ rsync -av --rsh="ssh rsync" ::foo_dir local_dir

or use whatever options you need when using rsync.

--
Bill Moseley
[EMAIL PROTECTED]
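An added example, not code from the thread or from either of its authors: on OpenSSH the same single-purpose-key idea lives in the options field of authorized_keys, so this small audit parses that field (the command="..." value may contain commas and spaces) and reports keys that lack a forced command or the usual restriction options. The key lines are constructed sample input; the forced rsync command mirrors the one above, and the option names are the standard OpenSSH ones.

```python
# Added example, not code from the thread: audit an OpenSSH authorized_keys
# file for single-purpose keys. A key meant only for rsync should carry a
# forced command AND the options that stop it being used for anything else
# (or "restrict", which implies them). Sample key lines are constructed.

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256")
WANTED = {"no-port-forwarding", "no-pty", "no-agent-forwarding", "no-x11-forwarding"}


def split_options(line):
    """Return (options, rest). The options field is optional and a
    command="..." value may hold commas and spaces, so scan char by char."""
    if line.split(None, 1)[0] in KEY_TYPES:
        return [], line                      # line has no options field
    opts, cur, quoted = [], "", False
    for i, ch in enumerate(line):
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            opts.append(cur); cur = ""
            continue
        elif ch.isspace() and not quoted:
            return opts + [cur], line[i:].lstrip()
        cur += ch
    return opts + [cur], ""


def audit(text):
    """Return one (comment, forced_command, missing_restrictions) per key."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        names = {o.split("=", 1)[0] for o in opts}
        cmd = next((o.split("=", 1)[1].strip('"') for o in opts
                    if o.startswith("command=")), None)
        fields = rest.split(None, 2)          # keytype, base64 blob, comment
        comment = fields[2] if len(fields) > 2 else ""
        missing = set() if "restrict" in names else WANTED - names
        findings.append((comment, cmd, sorted(missing)))
    return findings


SAMPLE = """\
ssh-dss AAAAB3NzaC1kc3MAAACB...CONSTRUCTED localbox-key
command="rsync --server --daemon --config=rsync.conf .",no-port-forwarding,no-pty,no-agent-forwarding,no-x11-forwarding ssh-dss AAAAB3...CONSTRUCTED rsync-key
restrict,command="echo hi, there" ssh-ed25519 AAAAC3...CONSTRUCTED newer-key
"""
```

Running `audit(SAMPLE)` flags the first key (no forced command, all four restriction options missing) and passes the other two.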