Mailinglist Archive: opensuse (1570 mails)

< Previous Next >
Re: [opensuse] Coordinated, distributed ssh attacks?
  • From: "David C. Rankin" <drankinatty@xxxxxxxxxxxxxxxxxx>
  • Date: Wed, 7 Oct 2009 02:08:16 -0500
  • Message-id: <200910070208.16287.drankinatty@xxxxxxxxxxxxxxxxxx>
On Monday 05 October 2009 01:50:55 am Per Jessen wrote:
Hmm, I've just been reading a bit about ssh agent forwarding - that
might just solve part of my issue. I was thinking of the following
scenario: user-1 on client-1 connects server-1. Does some stuff, then
needs to rsync something from server-2 or client-4 - as long as
user-1@client-1 is allowed access to server-2 or client-4, will it
still work (via this ssh agent forwarding setup)?


I've played with the agent forwarding and the keychain utilities and I have
always found them more work than help. Since you only have to maintain one
~/.ssh/config file and one ~/.ssh/authorized_keys file, it has always been
easier just to distribute any new changes with a simple bash script. It is
exceeding easy once you have your passwordless login working because you
simply set up at text file that has both file names in it:

~/.ssh/config
~/.ssh/authorized_keys

and save it as something like sshfiles, then just have a short script that
calls rsync from a loop with the users@hostnames as the iterator, something
like:

for i in juan@box1 manny@box2 fred@box2 greg@xxxxxxxxxxxxxxxxxxx; do
rsync -uv --files-from=sshfiles $i
done

That way it is all done with basic ssh without any of the gimmicks that are
usually attached to the keychain or other automation methods. Of course the
other ways may suit your needs better, but after fighting this for a couple of
years, this is what I have found works the best.

--
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >