From: W. Trevor King Date: Thu, 18 Nov 2010 14:06:12 +0000 (-0500) Subject: Add SSH post and ssh-*.sh scripts X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=00bb2cacf8a8603f14874a6eca8cea80b5110b53;p=blog.git Add SSH post and ssh-*.sh scripts --- diff --git a/posts/SSH.mdwn b/posts/SSH.mdwn new file mode 100644 index 0000000..dc059d1 --- /dev/null +++ b/posts/SSH.mdwn 
@@ -0,0 +1,51 @@ +[[!meta title="Secure Shell"]] + +If you want to get anything done on a remote host, you use [SSH][]. + +Password-less SSH +----------------- + +Since I use SSH a lot, I've gone through the minimal effort required +to setup password-less SSH between the computers on which I have +accounts. Note that you should only keep private keys on computers +that you trust (i.e. computers where you are the only admin). + +I don't end up typing these commands very often, so I've created a set +of three simple scripts ([[ssh-key.sh]], [[ssh-remote.sh]], and +[[ssh-prime.sh]]), since `ssh-` is easier to remember than the +commands themselves. With the scripts in your path, run: + + $ ssh-key.sh + +to generate a SSH private/public keypair. Then run: + + $ ssh-remote.sh me@remote.edu + +to configure your `remote.edu` account to allow passwordless logins +from your new key. After each login, run: + + $ ssh-prime.sh + +and enter your passphrase to start the SSH agent, and tell your shell +about the agent with: + + $ . /tmp/$(whoami)/.ssh/.ssh-agent-info-$(hostname) + +I usually prime the SSH agent right after I log in (before running +[[screen]] or `startx`) to that new terminals come up knowing about +the agent. + +Credits +------- + +This sort of thing is the subject of innumerable websites, but due to +the fluid nature of the web, they tend to disappear over time. Thanks +to Ted Dustman (at the University of Utah in 2007) for his post (now +missing). Still available related posts: + +* [Kristina Wanous and company at Debian Clusters][DC] + +[[!tag tags/linux]] + +[SSH]: http://en.wikipedia.org/wiki/Secure_Shell +[DC]: http://debianclusters.cs.uni.edu/index.php/Password-less_SSH_for_Users diff --git a/posts/SSH/ssh-key.sh b/posts/SSH/ssh-key.sh new file mode 100755 index 0000000..bec79c5 --- /dev/null +++ b/posts/SSH/ssh-key.sh 
@@ -0,0 +1,21 @@ +#!/bin/bash +# +# Preate a public/private key for passwordless logins from the current +# machine. +# +# usage: ssh-key.sh + +PRIVATE_KEY="$HOME/.ssh/id_rsa" +CONFIG_FILE="$HOME/.ssh/config" +HOST=$(hostname -f) + +echo "use a long and difficult-to-guess passphrase" +ssh-keygen -t rsa -f "$PRIVATE_KEY" || exit 1 +cat > "$CONFIG_FILE" < "$INFO_FILE" || exit 1 +source "$INFO_FILE" +ssh-add "$PRIVATE_KEY" || exit 1 +echo "use: . $INFO_FILE" +echo "to enable the agent in your current shell" + +exit 0 diff --git a/posts/SSH/ssh-remote.sh b/posts/SSH/ssh-remote.sh new file mode 100755 index 0000000..0861f3d --- /dev/null +++ b/posts/SSH/ssh-remote.sh @@ -0,0 +1,18 @@ +#!/bin/bash +# +# Set up keyed login to a remote host. +# +# usage: ssh-remote.sh [[uname@]remote_hostname + +if [ $# -ne 1 ]; then + echo "usage: ssh-remote [uname@]remote_hostname" + exit 1 +fi + +RHOST="$1" +PUBLIC_KEY="$HOME/.ssh/id_rsa.pub" +F=".ssh/authorized_keys" + +cat "$PUBLIC_KEY" | ssh $RHOST "touch $F; chmod 600 $F; cat >> $F" + +exit 0
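Review bot: In posts/SSH.mdwn, the step `. /tmp/$(whoami)/.ssh/.ssh-agent-info-$(hostname)` sources a file from a predictable path under world-writable /tmp, and the post never says who creates `/tmp/$(whoami)` or with what mode. Sourcing runs whatever the file contains, so on a shared host the directory has to be created by the user with mode 700 before first use, or the info file should live under `$HOME/.ssh` instead; the post should state which. Two wording nits in the same hunk: "to setup" should be "to set up", and "to that new terminals" should read "so that new terminals".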
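Review bot: In posts/SSH/ssh-key.sh, `cat > "$CONFIG_FILE"` truncates `$HOME/.ssh/config`, so running the script on an account that already has an SSH config silently discards it. Test for the file first and either bail out or append with `>>`. `ssh-keygen -t rsa` is also called without `-b`, which leaves the key size to whatever the installed ssh-keygen defaults to; pass it explicitly so the result is the same on every host. The header comment reads "Preate" where "Create" is meant.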
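Review bot: In posts/SSH/ssh-remote.sh, the remote command `touch $F; chmod 600 $F; cat >> $F` assumes `.ssh` already exists on the remote account and chains with `;`, so a failed `touch` or `chmod` does not stop the `cat`, and the unconditional `exit 0` reports success even when ssh itself fails. Create the directory first (`mkdir -p .ssh && chmod 700 .ssh`), join the steps with `&&`, and exit with the status of the ssh command. `$RHOST` is unquoted in `ssh $RHOST`, so an argument containing whitespace is split into extra ssh arguments; quote it. The usage comment `[[uname@]remote_hostname` has an unbalanced bracket, and `cat "$PUBLIC_KEY" |` can be replaced by redirecting `< "$PUBLIC_KEY"` into ssh.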