LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 08-17-2004, 09:12 PM   #1
kuronai
LQ Newbie
 
Registered: Aug 2003
Location: Ballarat, Victoria, Australia
Distribution: Redhat 9.0
Posts: 14

Rep: Reputation: 0
Question SSH Global Key?


Hey,

Just wondering whether it would be possible to generate a DSA public/private keyset on one machine, and use that as the key on a number of subsequent machines. Ie: effectively only use one public/private ssh key on a network.
Have any of you tried this before?

Thanks for your time
 
Old 08-17-2004, 11:39 PM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Sure, but why would you want to do that? If one machine got comprimised you wouldn't be able to revoke the keys without hosing your login ability to the other machines? That would be an especially bad idea if you used it for multiple different users, especially root.
 
Old 08-18-2004, 12:04 AM   #3
kuronai
LQ Newbie
 
Registered: Aug 2003
Location: Ballarat, Victoria, Australia
Distribution: Redhat 9.0
Posts: 14

Original Poster
Rep: Reputation: 0
The main reason I want to do it is because i've been told to do it...

But that aside, its for a small cluster that isnt connected to any outside network, so security shouldnt be too much of an issue.

I've already got a few scripts written up that can reset and recreate the authorized_keys file and known_hosts, but the concern is that as the number of nodes in our cluster grows, setting up will become more and more of a hassle, what with having to enter passwords 50 times.
 
Old 08-18-2004, 12:23 AM   #4
HappyTux
Senior Member
 
Registered: Mar 2003
Location: Nova Scotia, Canada
Distribution: Debian AMD64
Posts: 3,513

Rep: Reputation: 63
Re: SSH Global Key?

Quote:
Originally posted by kuronai
Hey,

Just wondering whether it would be possible to generate a DSA public/private keyset on one machine, and use that as the key on a number of subsequent machines. Ie: effectively only use one public/private ssh key on a network.
Have any of you tried this before?

Thanks for your time
You would not want to do it with the main key for the machine but you can make one for your normal user to login on all the machine with it. You need to use ssh-keygen to create the key and save it in your /home/user/.ssh/ directory. To create the key use ssh-keygen -t dsa then answer the question on where to save the key as you want it named, now if you do not want to type in the password every time you login then just hit enter twice when it asks you for it. Next you have to copy the key to the machines you want to logon to its /home/user/.ssh/authorized_keys so assuming that you already do not have such a file on the systems copied too then scp /home/user/.ssh/key_name_created.pub user@192.168.0.1:.ssh/authorized_keys. When you login to the other machines now all you need to do is ssh -i /home/user/.ssh/key_name_created user@192.168.0.1 and you will be logged into the system with no password if you created the key that way otherwise you have to enter the password. To save yourself all the typing you may want to put some aliases in your /home/user/.bashrc like I have in mine.

Code:
alias doc="ssh -i /home/stephen/.ssh/nopw stephen@192.168.0.2"
alias dts="ssh -i /home/stephen/.ssh/nopw stephen@192.168.0.254"
alias bts="ssh -i /home/stephen/.ssh/nopw stephen@192.168.0.3"
alias btsx="ssh -X -i /home/stephen/.ssh/nopw stephen@192.168.0.3"
alias sts="ssh -i /home/stephen/.ssh/nopw stephen@192.168.0.4"
alias stsx="ssh -X -i /home/stephen/.ssh/nopw stephen@192.168.0.254"
Then all you have to do to login is type for example in mine doc in a console window/console and I am logged to the machine 192.168.0.2 as stephen my user name on that machine. Then if I need to do anything as root then I use su and enter the root password and I can do anything I want. Note the first time you use ssh or scp you will be asked if you want to accept the key for the other machine say yes. If you want to use the same process from other machines instead of just a single machine logging to all the others then copy the keys you created both the .pub and the secret key to the .ssh directory of the normal user on those machines and you will have access to any machine from any machine.

Last edited by HappyTux; 08-18-2004 at 12:25 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh connection with key linuxnube Linux - Security 3 02-25-2005 02:48 PM
ssh Host Key ziox Linux - Networking 6 02-07-2005 02:57 PM
ssh RSA key thanat0s Linux - Security 3 09-29-2003 09:51 PM
Help with ssh-agent - global environment PhilD Linux - Newbie 1 07-07-2003 11:48 AM
ssh / ssh-key -- its always asking for passphrase BaerRS Linux - General 1 01-07-2003 06:21 PM


All times are GMT -5. The time now is 10:29 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration