SSH access keys where are they located, how to sync them?
Hello,
I would like to set up password-less access between 3 servers and allow quick addition of additional servers into the password-less group.
I want to ask how to do it so that when I add a new server I don't need to run a difficult command on each of the servers?
----
I'm using Red Hat CentOS only; please, where (in which file) is the SSH key info located
a) on local server that is allowing connection
b) on remote server which is allowed to connect
?
Thank You
The most common answer is that the keys are stored in physical files, at designated locations, and that the SSH daemon will pay attention to them only if their security-permissions settings are exactly correct.
However ... this is not the only answer. SSH is also friendly to distributed-authentication protocols such as LDAP (nee "Microsoft OpenDirectory") and Kerberos. If you have many servers to manage, you could instruct the SSH implementations on each server to obtain the necessary credentials from such a source, instead of looking at per-computer files. (And I would advise you to do just that.) "Google It.™" There's a lot to read.
The overwhelming advantage here is that you can use LDAP to centrally manage everything, including login credentials, and you can link everything together ("all of them talking to the same authority") to create a single sign-on to your "system of systems." Once the user successfully "logs in," that one identity can be picked up and used by all kinds of servers, such as internal Apache-or-not web servers, file servers and whatnot. And of course, sshd. Attributes, security levels, roles and so forth are well defined, but in a very flexible way. And your security team manages it all from one place, in one way.
Last edited by sundialsvcs; 11-25-2014 at 07:05 AM.
(For what it's worth, nee goes the opposite direction.)
The default designated location for the public keys on the server would be in the users' accounts in ~/.ssh/authorized_keys, so those are what need to be synced among the servers. So when setting up a new server in that group, you have to find all those files and sync them. You can change the location of that file in the configurations for the SSH server or even add a second public key file, but those other files will still need to be synced.
If you use Kerberos, then that needs to be set up on the servers as well.
So there's not much of a way around syncing files. It is only a matter of which ones. The good news is that such work is easily scriptable and can be automated.
As Keith points out, you'll need the manuals. You should walk through all four (ssh, ssh_config, sshd, and sshd_config) to begin with, just to see what they cover, then read the sections relevant to your setup in detail.
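The sync step described in the post above, as an added example that is not part of the original thread: a re-runnable merge of public keys into ~/.ssh/authorized_keys, plus a check that neither the directory nor the file is writable by group or others. The function names, the conventional 700/600 modes and the assumption that it runs as the account owner are choices made for this example.

```sh
#!/bin/sh
# Added example (not from the thread). Run as the account that owns the keys.
# Function names and paths are hypothetical.

# install_keys SSH_DIR PUBKEY_FILE...
# Merge the given public-key files into SSH_DIR/authorized_keys. Safe to re-run:
# a key already present (same base64 blob, whatever its comment) is not added twice.
install_keys() {
    dir=$1; shift
    auth="$dir/authorized_keys"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -f "$auth" ] || : > "$auth"
    # Build the new file next to the old one so the final rename is atomic.
    tmp=$(mktemp "$dir/.authorized_keys.XXXXXX") || return 1
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # drop comments and blank lines
        {
            id = $0                             # fallback: whole line
            # The blob is the field after the key type; options may precede it.
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-|ecdsa-|sk-)/) { id = $(i + 1); break }
            if (!(id in seen)) { seen[id] = 1; print }
        }' "$auth" "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 600 "$tmp" && mv "$tmp" "$auth"
}

# perms_ok SSH_DIR
# Succeeds only if the directory and its authorized_keys exist and neither is
# writable by group or others.
perms_ok() {
    [ -d "$1" ] && [ -f "$1/authorized_keys" ] || return 1
    bad=$(find "$1" "$1/authorized_keys" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$bad" ]
}
```

Collecting every server's public key into one directory and running `install_keys "$HOME/.ssh" keys/*.pub` on each host gives every member of the group the same authorized_keys content.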
For details on SSH keys, check out the links in my signature.