public inbox for gentoo-user@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-user] Using SSH around the LAN
@ 2016-07-12 15:42 Peter Humphrey
  2016-07-12 15:48 ` Alan McKinnon
                   ` (2 more replies)
  0 siblings, 3 replies; 7+ messages in thread
From: Peter Humphrey @ 2016-07-12 15:42 UTC (permalink / raw
  To: gentoo-user

Hello list,

I remember some time ago reading a guide on the Web to using ssh and keychain 
to simplify routine tasks, but now I can't find it.

What I want to do is to use scp, ssh and rsync to copy files and directories 
from one local machine to another, without having to submit a password on 
every occasion. I want to be able to do this as myself, as portage or as root.

Is there a guide to setting up password-less authentication to enable me to do 
this?

-- 
Rgds
Peter



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] Using SSH around the LAN
  2016-07-12 15:42 [gentoo-user] Using SSH around the LAN Peter Humphrey
@ 2016-07-12 15:48 ` Alan McKinnon
  2016-07-13  8:48   ` Peter Humphrey
  2016-07-12 15:49 ` R0b0t1
  2016-07-12 15:51 ` Alarig Le Lay
  2 siblings, 1 reply; 7+ messages in thread
From: Alan McKinnon @ 2016-07-12 15:48 UTC (permalink / raw
  To: gentoo-user

On 12/07/2016 17:42, Peter Humphrey wrote:
> Hello list,
> 
> I remember some time ago reading a guide on the Web to using ssh and keychain 
> to simplify routine tasks, but now I can't find it.
> 
> What I want to do is to use scp, ssh and rsync to copy files and directories 
> from one local machine to another, without having to submit a password on 
> every occasion. I want to be able to do this as myself, as portage or as root.
> 
> Is there a guide to setting up password-less authentication to enable me to do 
> this?
> 

http://www.funtoo.org/Keychain

Note that you, portage and root are 3 different users, so you must make
key pairs for reach on each source machine you will ssh from.

Then you need to add each of those user's public keys to each
destination user's authorized_keys file on each machine you want to ssh to.

That can be a lot of key copying :-) 3 x 3 x # of machines

Finally, on each machine you will ssh from and as each user who will do
the ssh'ing, you must run keychain at least once to store the key creds.
They should then persist until reboot, when you must run keychain again
for each user.

The idea is that a given user's keychain creds are valid over all that
user's login sessions on a machine. User's cannot share each other's
keychain


-- 
Alan McKinnon
alan.mckinnon@gmail.com



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] Using SSH around the LAN
  2016-07-12 15:42 [gentoo-user] Using SSH around the LAN Peter Humphrey
  2016-07-12 15:48 ` Alan McKinnon
@ 2016-07-12 15:49 ` R0b0t1
  2016-07-12 15:51 ` Alarig Le Lay
  2 siblings, 0 replies; 7+ messages in thread
From: R0b0t1 @ 2016-07-12 15:49 UTC (permalink / raw
  To: gentoo-user

On Tue, Jul 12, 2016 at 10:42 AM, Peter Humphrey <peter@prh.myzen.co.uk> wrote:
> Is there a guide to setting up password-less authentication to enable me to do
> this?
>
> --
> Rgds
> Peter

http://askubuntu.com/questions/46930/how-can-i-set-up-password-less-ssh-login

First one is free...


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] Using SSH around the LAN
  2016-07-12 15:42 [gentoo-user] Using SSH around the LAN Peter Humphrey
  2016-07-12 15:48 ` Alan McKinnon
  2016-07-12 15:49 ` R0b0t1
@ 2016-07-12 15:51 ` Alarig Le Lay
  2 siblings, 0 replies; 7+ messages in thread
From: Alarig Le Lay @ 2016-07-12 15:51 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 657 bytes --]

On Tue Jul 12 16:42:12 2016, Peter Humphrey wrote:
> Hello list,
> 
> I remember some time ago reading a guide on the Web to using ssh and keychain 
> to simplify routine tasks, but now I can't find it.
> 
> What I want to do is to use scp, ssh and rsync to copy files and directories 
> from one local machine to another, without having to submit a password on 
> every occasion. I want to be able to do this as myself, as portage or as root.
> 
> Is there a guide to setting up password-less authentication to enable me to do 
> this?

Hi,

You can use a password-less key and you will not be prompted to enter a
password.

-- 
alarig

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] Using SSH around the LAN
  2016-07-12 15:48 ` Alan McKinnon
@ 2016-07-13  8:48   ` Peter Humphrey
  2016-07-13 17:23     ` Mick
  0 siblings, 1 reply; 7+ messages in thread
From: Peter Humphrey @ 2016-07-13  8:48 UTC (permalink / raw
  To: gentoo-user

On Tuesday 12 July 2016 17:48:33 Alan McKinnon wrote:
> On 12/07/2016 17:42, Peter Humphrey wrote:
> > Is there a guide to setting up password-less authentication to enable me
> > to do this?
> 
> http://www.funtoo.org/Keychain

Thanks Alan. I don't think it's the one I read before but it looks useful 
anyway.

> Note that you, portage and root are 3 different users, so you must make
> key pairs for each on each source machine you will ssh from.
> 
> Then you need to add each of those user's public keys to each
> destination user's authorized_keys file on each machine you want to ssh to.
> 
> That can be a lot of key copying :-) 3 x 3 x # of machines
> 
> Finally, on each machine you will ssh from and as each user who will do
> the ssh'ing, you must run keychain at least once to store the key creds.
> They should then persist until reboot, when you must run keychain again
> for each user.

Hmm. I may end up just allowing ssh password authentication and relying on my 
vDSL router to keep other people's noses out of my business. The portage user 
can't log in anyway, so its scp-ing and rsyncing would have to be done by 
root.

> The idea is that a given user's keychain creds are valid over all that
> user's login sessions on a machine. Users cannot share each other's
> keychain

You've given me plenty to think about - thanks again.

-- 
Rgds
Peter



^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] Using SSH around the LAN
  2016-07-13  8:48   ` Peter Humphrey
@ 2016-07-13 17:23     ` Mick
  2016-07-14  7:48       ` Peter Humphrey
  0 siblings, 1 reply; 7+ messages in thread
From: Mick @ 2016-07-13 17:23 UTC (permalink / raw
  To: gentoo-user

[-- Attachment #1: Type: text/plain, Size: 1702 bytes --]

On Wednesday 13 Jul 2016 09:48:59 Peter Humphrey wrote:
> On Tuesday 12 July 2016 17:48:33 Alan McKinnon wrote:
> > On 12/07/2016 17:42, Peter Humphrey wrote:
> > > Is there a guide to setting up password-less authentication to enable me
> > > to do this?
> > 
> > http://www.funtoo.org/Keychain
> 
> Thanks Alan. I don't think it's the one I read before but it looks useful
> anyway.
> 
> > Note that you, portage and root are 3 different users, so you must make
> > key pairs for each on each source machine you will ssh from.
> > 
> > Then you need to add each of those user's public keys to each
> > destination user's authorized_keys file on each machine you want to ssh
> > to.
> > 
> > That can be a lot of key copying :-) 3 x 3 x # of machines
> > 
> > Finally, on each machine you will ssh from and as each user who will do
> > the ssh'ing, you must run keychain at least once to store the key creds.
> > They should then persist until reboot, when you must run keychain again
> > for each user.
> 
> Hmm. I may end up just allowing ssh password authentication and relying on
> my vDSL router to keep other people's noses out of my business. The portage
> user can't log in anyway, so its scp-ing and rsyncing would have to be done
> by root.
> 
> > The idea is that a given user's keychain creds are valid over all that
> > user's login sessions on a machine. Users cannot share each other's
> > keychain
> 
> You've given me plenty to think about - thanks again.

Something else to think about is to only allow the login shell to execute 
limited command(s), for example to only be able to su to portage and run rsync 
or some such.
-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [gentoo-user] Using SSH around the LAN
  2016-07-13 17:23     ` Mick
@ 2016-07-14  7:48       ` Peter Humphrey
  0 siblings, 0 replies; 7+ messages in thread
From: Peter Humphrey @ 2016-07-14  7:48 UTC (permalink / raw
  To: gentoo-user

On Wednesday 13 Jul 2016 18:23:56 Mick wrote:

> Something else to think about is to only allow the login shell to execute
> limited command(s), for example to only be able to su to portage and run
> rsync or some such.

Hmm...

-- 
Rgds
Peter



^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2016-07-14  7:48 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-07-12 15:42 [gentoo-user] Using SSH around the LAN Peter Humphrey
2016-07-12 15:48 ` Alan McKinnon
2016-07-13  8:48   ` Peter Humphrey
2016-07-13 17:23     ` Mick
2016-07-14  7:48       ` Peter Humphrey
2016-07-12 15:49 ` R0b0t1
2016-07-12 15:51 ` Alarig Le Lay

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox