LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 09-20-2005, 12:18 PM   #1
cereal83
Member
 
Registered: Feb 2004
Location: Canada
Distribution: Slackware
Posts: 478

Rep: Reputation: 30
How do I automatically make a ssh key?


Hey all,

I am wondering how I can automatically make an ssh key with like a script or something. I know ssh -t dsa will make me a key but I need to have it done automatically so I can create a new key every 24 hours or so and run the script in the cron.

If anybody knows, that would be great.

Thanks
 
Old 09-20-2005, 12:35 PM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
Why not use ssh-keygen? And why are you creating a new key every 24 hours?
 
Old 09-20-2005, 12:45 PM   #3
cereal83
Member
 
Registered: Feb 2004
Location: Canada
Distribution: Slackware
Posts: 478

Original Poster
Rep: Reputation: 30
ohh ok I made a mistake upthere. I know the command to make a new key is ssh-keygen -t dsa but when i do that I have to physically press enter on the keyboard about 3 times and I need it to be automated. Like I need it to be in a script

I have no idea why I need to make a new key every 24 hours. I do some volunteer work for a computer company and they asked me to look into it. I googled but found nothing so I am coming here and asking to see if anybody knows.


Thanks
 
Old 09-20-2005, 12:52 PM   #4
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
If you're looking for keys with blank passphrases, try passing -N "" to the ssh-keygen command. -N is supposed to specify the new passphrase.

I haven't tried this, but it seems like it should work.

*still trying to imagine a need for daily keys*
 
Old 09-20-2005, 12:59 PM   #5
cereal83
Member
 
Registered: Feb 2004
Location: Canada
Distribution: Slackware
Posts: 478

Original Poster
Rep: Reputation: 30
Ok so now if I use ssh-keygen -N "" -t dsa it works but I still have to hit enter to accept where it's going to save to. Is there anyway around that?


I think they want new keys so often because they think ssh can be hacked easily and if they make new keys every 24 hours, it will prevent that from happening since they have never worked with ssh before. Thats what I think but they won't say anything
 
Old 09-20-2005, 01:04 PM   #6
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
Well, the biggest insecurity in this whole plan is the passphrase less keys. And obviously, changing keys so often makes management a pain.

But, we're here to help.

The -f option to ssh-keygen specifies the keyfile. So, I think you can try:
Code:
ssh-keygen -t dsa -N "" -f SSHKEY
 
Old 09-20-2005, 01:35 PM   #7
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
So you want a script. Here is one:

spawn ssh-keygen -t rsa -f /home/[lindex $argv 0]/.ssh/id_rsa
expect "Enter passphrase (empty for no passphrase)::"
send "/r"
expect "Enter passphrase again:"
send "/r"
expect eof


Use can use it in another script like this:

su -c "expect -f path_to_script/script $new_user"

This script will generate a ssh key pair. Now you have to copy the public key(id_rsa.pub) to the authorized key file.
 
Old 09-20-2005, 01:39 PM   #8
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
Krugger: while I always forget about expect, do you see any significant advantage to the expect script over my single command above? I'm not challenging your results, just wondering what I am missing.
 
Old 09-20-2005, 02:37 PM   #9
cereal83
Member
 
Registered: Feb 2004
Location: Canada
Distribution: Slackware
Posts: 478

Original Poster
Rep: Reputation: 30
Matir,

Thanks for that code, it works like a charm. I know they should use a passphrase but they are just testing it now to see how it works.

Krugger, I could use that and thats for pointing it out but that 1 little line of code it good enough for me.. Thanks


Thanks again guys!

 
Old 09-20-2005, 02:49 PM   #10
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
No problem, glad I was able to help. Make sure you educate these people on security. Laziness is always the weakest link in security.
 
Old 09-20-2005, 03:07 PM   #11
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
Actually I think your way is better. I already had the thread opened and I don't think your post was there yet we posted pretty close to each other. (30 minute differance)

I just use expect and send because it doesn't make you read too many man pages for the options.
 
Old 09-20-2005, 03:16 PM   #12
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 118Reputation: 118
Krugger: fair enough. By the way, does expect/send work with the "passwd" program?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Setting WEP Key automatically in Sarge 0ddba11 Debian 1 11-28-2004 10:34 AM
How to configure Wireless KEY automatically? enemorales Linux - Newbie 7 11-24-2004 04:30 AM
Num lock key went off automatically reaky Linux - Software 2 06-07-2004 07:15 AM
upgraded ssh, now can't make public key connection BrianK Linux - Networking 0 04-10-2004 06:06 PM
When i press tab key on my rh7.3 i was logged out automatically. nbalu Linux - Software 1 11-14-2003 04:58 PM


All times are GMT -5. The time now is 04:54 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration