James D. Parra wrote:
-----Original Message-----
From: Carl Hartung [mailto:suselinux@cehartung.com]
Sent: Thursday, December 13, 2007 6:38 PM
To: opensuse@opensuse.org
Subject: Re: [opensuse] rsync - keys - no-password question
On Thu December 13 2007 08:24:19 pm James D. Parra wrote:
how do you accomplish having the ssh keys set properly on the target machine from two different source machines?
This may only get you part of the way but here goes:
Combine the series of source-side public keys into a single 'authorized_keys' file that 'lives' on the target machine. Something like
'cat client1_key.pub client2_key.pub client3_key.pub >authorized_keys' should do it. As far as placement on the target system, in my case... I log into the same server from different desktops... the file lives in ~/.ssh, i.e.
Thank you. I received the following byte error, but documentation shows that this is possible:
# ssh-keygen -t dsa -b 2048 -f /root/rsync/mirror-rsync-key
DSA keys must be 1024 bits
<snip>
How can I make this 2048?
1024 is more than sufficient. Just use ssh-keygen -t dsa.

James, the simple way to do this is to just generate a public key on each machine in the .ssh dir. You can do this totally by ssh. Then for each machine,

(1) make a copy of the id_dsa.pub file and call it id_dsa.pub.<hostname>. Just make the copy in the .ssh directory. Appending the hostname allows you to copy the keys directly to the target machine .ssh dir without overwriting the existing public key on the target machine.

(2) scp the id_dsa.pub.<hostname> to the target machine .ssh directory

(3) ssh to the target machine and change to the .ssh directory and then use cat to append the new key to the authorized_keys file: "cat id_dsa.pub.<hostname> >> authorized_keys". You can add more keys later in the exact same manner.

When you have done this for each local or remote machine, your .ssh dir will look something like this:

-rw-r--r-- 1 david users 5450 2007-11-09 15:21 authorized_keys
-rw------- 1 david users  668 2005-12-07 22:41 id_dsa
-rw-r--r-- 1 david users  603 2005-12-07 22:41 id_dsa.pub
-rw-r--r-- 1 david users  612 2006-05-09 22:36 id_dsa.pub.bonza
-rw-r--r-- 1 david users  604 2007-06-17 20:30 id_dsa.pub.kidsdell
-rw-r--r-- 1 david users  605 2007-03-14 00:32 id_dsa.pub.lakehouse
-rw-r--r-- 1 david users  603 2006-05-02 18:32 id_dsa.pub.nemesis
-rw-r--r-- 1 david users  607 2007-10-20 00:06 id_dsa.pub.p35a
-rw-r--r-- 1 david users  606 2006-08-13 12:19 id_dsa.pub.providence
-rw-r--r-- 1 david users  607 2007-10-12 23:05 id_dsa.pub.rankin-p35
-rw-r--r-- 1 david users  605 2006-05-09 22:43 id_dsa.pub.rankin-xp
-rw------- 1 david users  602 2007-11-09 15:20 id_dsa.pub.ripper
-rw-r--r-- 1 david users  603 2006-01-27 09:35 id_dsa.pub.skyline
-rw------- 1 david users  668 2007-05-17 20:29 id_dsa_putty
-rw-r--r-- 1 david users  603 2007-05-17 20:29 id_dsa_putty.pub
-rw-r--r-- 1 david users  602 2007-05-23 18:28 id_dsa_ripper.pub
-rwx------ 1 david users 2260 2007-12-01 10:37 known_hosts*

Note, you can also create keys for putty that will allow passwordless ssh access from windows via putty as well.

You can always delete all the .hostname keys when you are done, but I keep them around so that if I add a new machine to the network, I can completely set up keyless access to the new machine from a single box. It also provides a backup of all machines' keys as well.

Just remember if you have scripts or cron jobs that need to run with root privileges, make sure you run the job as the user that has public key access between machines.

--
David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
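The append step (3) from the reply above, as an added shell example that is not part of the original thread: it merges every id_dsa.pub.<hostname> file into authorized_keys, skips keys that are already listed and lines that are not public keys, and sets 700/600 modes that satisfy sshd's StrictModes check. The function name merge_pubkeys and the sample key blobs are constructed for illustration.

```shell
#!/bin/sh
# merge_pubkeys DIR (hypothetical helper): append each DIR/id_dsa.pub.<hostname>
# key to DIR/authorized_keys unless already present; prints the number added.
# The body is a subshell "( ... )" so umask and variables do not leak out.
merge_pubkeys() (
    dir=$1
    auth="$dir/authorized_keys"
    added=0
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir"
    touch "$auth" && chmod 600 "$auth"
    for f in "$dir"/id_dsa.pub.*; do
        [ -f "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            # Accept only "<type> <base64> [comment]" lines; skip anything else.
            printf '%s\n' "$line" |
                grep -Eq '^(ssh-[a-z0-9-]+|ecdsa-[a-z0-9-]+) [A-Za-z0-9+/]+=*( |$)' || continue
            blob=$(printf '%s\n' "$line" | awk '{print $2}')
            # Compare on the key blob so a changed comment is not a new key.
            if ! awk -v b="$blob" '{for(i=1;i<=NF;i++) if($i==b) found=1} END{exit !found}' "$auth"; then
                printf '%s\n' "$line" >> "$auth"
                added=$((added + 1))
            fi
        done < "$f"
    done
    echo "$added"
)

# Demo on constructed data (placeholder blobs, not real keys).
demo() {
    d=$(mktemp -d)
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAKconstructedBonza david@bonza' > "$d/id_dsa.pub.bonza"
    echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAKconstructedRipper david@ripper' > "$d/id_dsa.pub.ripper"
    echo 'not a key line' > "$d/id_dsa.pub.junk"
    first=$(merge_pubkeys "$d")     # both valid keys are appended
    second=$(merge_pubkeys "$d")    # a rerun adds nothing
    echo "first=$first second=$second mode=$(ls -l "$d/authorized_keys" | cut -c1-10)"
    rm -rf "$d"
}
demo
```

Run on the target machine as the account that owns the keys, for example `merge_pubkeys "$HOME/.ssh"`, after the id_dsa.pub.<hostname> files have been copied there.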