Add SSH post and ssh-*.sh scripts
authorW. Trevor King <wking@drexel.edu>
Thu, 18 Nov 2010 14:06:12 +0000 (09:06 -0500)
committerW. Trevor King <wking@drexel.edu>
Thu, 18 Nov 2010 14:06:12 +0000 (09:06 -0500)
posts/SSH.mdwn [new file with mode: 0644]
posts/SSH/ssh-key.sh [new file with mode: 0755]
posts/SSH/ssh-prime.sh [new file with mode: 0755]
posts/SSH/ssh-remote.sh [new file with mode: 0755]

diff --git a/posts/SSH.mdwn b/posts/SSH.mdwn
new file mode 100644 (file)
index 0000000..dc059d1
--- /dev/null
@@ -0,0 +1,51 @@
+[[!meta  title="Secure Shell"]]
+
+If you want to get anything done on a remote host, you use [SSH][].
+
+Password-less SSH
+-----------------
+
+Since I use SSH a lot, I've gone through the minimal effort required
+to setup password-less SSH between the computers on which I have
+accounts.  Note that you should only keep private keys on computers
+that you trust (i.e. computers where you are the only admin).
+
+I don't end up typing these commands very often, so I've created a set
+of three simple scripts ([[ssh-key.sh]], [[ssh-remote.sh]], and
+[[ssh-prime.sh]]), since `ssh-<TAB>` is easier to remember than the
+commands themselves.  With the scripts in your path, run:
+
+    $ ssh-key.sh
+
+to generate a SSH private/public keypair.  Then run:
+
+    $ ssh-remote.sh me@remote.edu
+
+to configure your `remote.edu` account to allow passwordless logins
+from your new key.  After each login, run:
+
+    $ ssh-prime.sh
+
+and enter your passphrase to start the SSH agent, and tell your shell
+about the agent with:
+
+    $ . /tmp/$(whoami)/.ssh/.ssh-agent-info-$(hostname)
+
+I usually prime the SSH agent right after I log in (before running
+[[screen]] or `startx`) to that new terminals come up knowing about
+the agent.
+
+Credits
+-------
+
+This sort of thing is the subject of innumerable websites, but due to
+the fluid nature of the web, they tend to disappear over time.  Thanks
+to Ted Dustman (at the University of Utah in 2007) for his post (now
+missing).  Still available related posts:
+
+* [Kristina Wanous and company at Debian Clusters][DC]
+
+[[!tag tags/linux]]
+
+[SSH]: http://en.wikipedia.org/wiki/Secure_Shell
+[DC]: http://debianclusters.cs.uni.edu/index.php/Password-less_SSH_for_Users
diff --git a/posts/SSH/ssh-key.sh b/posts/SSH/ssh-key.sh
new file mode 100755 (executable)
index 0000000..bec79c5
--- /dev/null
@@ -0,0 +1,21 @@
+#!/bin/bash
+#
+# Preate a public/private key for passwordless logins from the current
+# machine.
+#
+# usage: ssh-key.sh
+
+PRIVATE_KEY="$HOME/.ssh/id_rsa"
+CONFIG_FILE="$HOME/.ssh/config"
+HOST=$(hostname -f)
+
+echo "use a long and difficult-to-guess passphrase"
+ssh-keygen -t rsa -f "$PRIVATE_KEY" || exit 1
+cat > "$CONFIG_FILE" <<EOF
+Host $HOST
+        IdentityFile $PRIVATE_KEY
+EOF
+echo "run ssh-remote.sh to configure a remote host"
+echo "run ssh-prime.sh on each login to prime the agent"
+
+exit 0
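Review bot: `cat > "$CONFIG_FILE" <<EOF` on the line after ssh-keygen truncates any existing ~/.ssh/config, silently discarding every Host entry the user already has; append instead, `cat >> "$CONFIG_FILE" <<EOF`, or stop when the file already exists. The `Host $HOST` stanza uses the local machine's FQDN, but ssh_config `Host` patterns are matched against the name of the host being connected to, so this entry presumably only takes effect when ssh-ing to the local machine itself — confirm that is intended, or use `Host *` if the key is meant for every destination. The header comment has a typo, `Preate` → `Create`.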
diff --git a/posts/SSH/ssh-prime.sh b/posts/SSH/ssh-prime.sh
new file mode 100755 (executable)
index 0000000..35a6778
--- /dev/null
@@ -0,0 +1,42 @@
+#!/bin/bash
+#
+# Creates an ssh-agent, writes ssh agent info
+# to the file
+#
+#   /tmp/$(whoami)/.ssh-agent-info-$(hostname)'
+#
+# and then prompts user for passphrase(s).  Then any shell can use the
+# agent by sourcing the info file:
+#
+#  . /tmp/$(whoami)/ssh-agent-info-$(hostname)
+#
+# originally by Ted Dustman
+#   http://www.cvrti.utah.edu/~dustman/no-more-pw-ssh/
+
+USER=$(whoami)
+HOST=$(hostname)
+INFO_FILE="/tmp/$USER/.ssh/.ssh-agent-info-$HOST"
+PRIVATE_KEY="$HOME/.ssh/id_rsa"
+
+if [ ! -d "/tmp/$USER" ]; then
+    echo "making directory /tmp/$USER"
+    mkdir "/tmp/$USER" || exit 1
+    chmod 700 "/tmp/$USER" || exit 1
+fi
+
+if [ ! -d "/tmp/$USER/.ssh" ]; then
+    echo "making directory /tmp/$USER/.ssh"
+    mkdir "/tmp/$USER/.ssh" || exit 1
+    chmod 700 "/tmp/$USER/.ssh" || exit 1
+fi
+
+echo "priming agent"
+touch "$INFO_FILE" || exit 1
+chmod 600 "$INFO_FILE" || exit 1
+ssh-agent > "$INFO_FILE" || exit 1
+source "$INFO_FILE"
+ssh-add "$PRIVATE_KEY" || exit 1
+echo "use: . $INFO_FILE"
+echo "to enable the agent in your current shell"
+
+exit 0
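Review bot: The `[ ! -d "/tmp/$USER" ]` and `[ ! -d "/tmp/$USER/.ssh" ]` tests accept a pre-existing directory or symlink of that predictable name no matter who owns it, so the agent info file (which holds the SSH_AUTH_SOCK path and agent PID) can end up in a location another local user controls; the script should refuse symlinks and verify ownership before writing, as in the rewrite below. The header comment also disagrees with the code on the path: it names `/tmp/$(whoami)/.ssh-agent-info-$(hostname)'` and `/tmp/$(whoami)/ssh-agent-info-$(hostname)`, while INFO_FILE is `/tmp/$USER/.ssh/.ssh-agent-info-$HOST`, which is the path the post tells readers to source. `USER=$(whoami)` overwrites the login environment's USER for the rest of the script; a private name such as `ME` avoids that. Each run also starts a fresh ssh-agent without stopping the previous one, so repeated priming leaves earlier agents running with the key still loaded.
```shell
# Refuse to use /tmp/$USER unless it is a real directory we own: the name is
# predictable, so another local user could have created it first.
umask 077
for d in "/tmp/$USER" "/tmp/$USER/.ssh"; do
    [ -e "$d" ] || mkdir "$d" || exit 1
    if [ -L "$d" ] || [ ! -d "$d" ] || [ ! -O "$d" ]; then
        echo "refusing to use $d: not a directory owned by $USER" >&2
        exit 1
    fi
    chmod 700 "$d" || exit 1
done
# … unchanged: "priming agent", ssh-agent > "$INFO_FILE", source, ssh-add …
```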
diff --git a/posts/SSH/ssh-remote.sh b/posts/SSH/ssh-remote.sh
new file mode 100755 (executable)
index 0000000..0861f3d
--- /dev/null
@@ -0,0 +1,18 @@
+#!/bin/bash
+#
+# Set up keyed login to a remote host.
+#
+# usage: ssh-remote.sh [[uname@]remote_hostname
+
+if [ $# -ne 1 ]; then
+    echo "usage: ssh-remote [uname@]remote_hostname"
+    exit 1
+fi
+
+RHOST="$1"
+PUBLIC_KEY="$HOME/.ssh/id_rsa.pub"
+F=".ssh/authorized_keys"
+
+cat "$PUBLIC_KEY" | ssh $RHOST "touch $F; chmod 600 $F; cat >> $F"
+
+exit 0
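Review bot: The remote command on the `cat "$PUBLIC_KEY" | ssh $RHOST ...` line fails when `~/.ssh` does not yet exist on the remote host (`touch .ssh/authorized_keys` has no directory to create the file in), and because the script ends with an unconditional `exit 0` that failure is never reported to the caller; `$RHOST` is also unquoted. Replace the line with `ssh "$RHOST" 'umask 077; mkdir -p .ssh; cat >> .ssh/authorized_keys' < "$PUBLIC_KEY" || exit 1`, which creates the directory with a mode sshd's StrictModes accepts, keeps the key file at 0600, propagates the ssh exit status, and drops the useless `cat` pipe. The usage comment has an unbalanced bracket, `[[uname@]remote_hostname` → `[uname@]remote_hostname`.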