David C. Rankin wrote:
On Sunday 04 October 2009 03:52:59 am Per Jessen wrote:
I'm still considering moving to the no-password-login setup as Hans Witvliet suggested. It's clearly the optimal solution, I'm just a little concerned about the management when each server needs to "know" about (need to have the key) each possible client.
/Per
Per,
That's the best part about it. On each host, just do
    cd ~/.ssh
    ssh-keygen -t dsa
    cp id_dsa id_dsa.hostname
    cp id_dsa.pub id_dsa.pub.hostname

Do the same thing for root but append an r to the end of the names (id_dsa.pub.hostnamer).
Hi David, thanks, I'll have to take a closer look now. I do understand the process, I've got a couple of dedicated users operating only with challenge-response (for automated tasks).

I guess the main reason I'm a little concerned is that seen from an ssh pov, I've got 13 external servers/clients and 10-12 local clients/servers. Times 4 users who at times will need the access. Yes, local workstations have a shared /home, but production systems don't, nor do the external systems.

Hmm, I've just been reading a bit about ssh agent forwarding - that might just solve part of my issue. I was thinking of the following scenario: user-1 on client-1 connects to server-1. Does some stuff, then needs to rsync something from server-2 or client-4 - as long as user-1@client-1 is allowed access to server-2 or client-4, will it still work (via this ssh agent forwarding setup)?

/Per

--
Per Jessen, Zürich (9.6°C)
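
An added example, not part of either message: one way to keep the per-host key bookkeeping manageable is to merge the collected id_dsa.pub.<hostname> files into a single authorized_keys file. It assumes the public key files have already been copied into one directory; the function name merge_pubkeys and the directory layout are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: the public keys named
# id_dsa.pub.<hostname> have been gathered into one directory.
#
# merge_pubkeys SRC_DIR DEST_FILE
#   Appends each key found in SRC_DIR/id_dsa.pub.* to DEST_FILE, skipping
#   keys already present and any line that is not a public key (for example
#   a private key copied under the wrong name). Prints the number added.
#   Runs in a subshell so the umask change does not leak to the caller.
merge_pubkeys() (
    src_dir=$1
    dest=$2
    added=0

    umask 077                          # new directory and file are owner-only
    mkdir -p "$(dirname "$dest")"
    touch "$dest"

    for f in "$src_dir"/id_dsa.pub.*; do
        [ -f "$f" ] || continue        # the glob matched nothing
        # "|| [ -n ... ]" also handles a last line without a newline.
        while read -r type blob comment || [ -n "$type" ]; do
            # A public key line is "<type> <base64> [comment]".
            case $type in
                ssh-*|ecdsa-*) ;;
                *) continue ;;
            esac
            [ -n "$blob" ] || continue
            # Match on type and blob so a changed comment is not a new key.
            if awk -v t="$type" -v b="$blob" \
                '$1 == t && $2 == b { found = 1 } END { exit !found }' "$dest"
            then
                continue
            fi
            # With no comment, label the key with the hostname suffix.
            printf '%s %s %s\n' "$type" "$blob" \
                "${comment:-${f##*/id_dsa.pub.}}" >> "$dest"
            added=$((added + 1))
        done < "$f"
    done

    chmod 600 "$dest"                  # keep the file writable by the owner only
    echo "$added"
)
```

A typical call would be `merge_pubkeys ./collected ~/.ssh/authorized_keys`; running it again after adding a new host's file appends only the new key.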