LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (http://www.linuxquestions.org/questions/linux-networking-3/)
-   -   SSH Global Key? (http://www.linuxquestions.org/questions/linux-networking-3/ssh-global-key-219022/)

kuronai 08-17-2004 09:12 PM

SSH Global Key?
 
Hey,

Just wondering whether it would be possible to generate a DSA public/private keyset on one machine, and use that as the key on a number of subsequent machines. Ie: effectively only use one public/private ssh key on a network.
Have any of you tried this before? :confused:

Thanks for your time :)

chort 08-17-2004 11:39 PM

Sure, but why would you want to do that? If one machine got comprimised you wouldn't be able to revoke the keys without hosing your login ability to the other machines? That would be an especially bad idea if you used it for multiple different users, especially root.

kuronai 08-18-2004 12:04 AM

The main reason I want to do it is because i've been told to do it... :rolleyes:

But that aside, its for a small cluster that isnt connected to any outside network, so security shouldnt be too much of an issue.

I've already got a few scripts written up that can reset and recreate the authorized_keys file and known_hosts, but the concern is that as the number of nodes in our cluster grows, setting up will become more and more of a hassle, what with having to enter passwords 50 times.

HappyTux 08-18-2004 12:23 AM

Re: SSH Global Key?
 
Quote:

Originally posted by kuronai
Hey,

Just wondering whether it would be possible to generate a DSA public/private keyset on one machine, and use that as the key on a number of subsequent machines. Ie: effectively only use one public/private ssh key on a network.
Have any of you tried this before? :confused:

Thanks for your time :)

You would not want to do it with the main key for the machine but you can make one for your normal user to login on all the machine with it. You need to use ssh-keygen to create the key and save it in your /home/user/.ssh/ directory. To create the key use ssh-keygen -t dsa then answer the question on where to save the key as you want it named, now if you do not want to type in the password every time you login then just hit enter twice when it asks you for it. Next you have to copy the key to the machines you want to logon to its /home/user/.ssh/authorized_keys so assuming that you already do not have such a file on the systems copied too then scp /home/user/.ssh/key_name_created.pub user@192.168.0.1:.ssh/authorized_keys. When you login to the other machines now all you need to do is ssh -i /home/user/.ssh/key_name_created user@192.168.0.1 and you will be logged into the system with no password if you created the key that way otherwise you have to enter the password. To save yourself all the typing you may want to put some aliases in your /home/user/.bashrc like I have in mine.

Code:

alias doc="ssh -i /home/stephen/.ssh/nopw stephen@192.168.0.2"
alias dts="ssh -i /home/stephen/.ssh/nopw stephen@192.168.0.254"
alias bts="ssh -i /home/stephen/.ssh/nopw stephen@192.168.0.3"
alias btsx="ssh -X -i /home/stephen/.ssh/nopw stephen@192.168.0.3"
alias sts="ssh -i /home/stephen/.ssh/nopw stephen@192.168.0.4"
alias stsx="ssh -X -i /home/stephen/.ssh/nopw stephen@192.168.0.254"

Then all you have to do to login is type for example in mine doc in a console window/console and I am logged to the machine 192.168.0.2 as stephen my user name on that machine. Then if I need to do anything as root then I use su and enter the root password and I can do anything I want. Note the first time you use ssh or scp you will be asked if you want to accept the key for the other machine say yes. If you want to use the same process from other machines instead of just a single machine logging to all the others then copy the keys you created both the .pub and the secret key to the .ssh directory of the normal user on those machines and you will have access to any machine from any machine.


All times are GMT -5. The time now is 12:17 AM.