From: Peter Humphrey
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Using SSH around the LAN
Date: Wed, 13 Jul 2016 09:48:59 +0100

On Tuesday 12 July 2016 17:48:33 Alan McKinnon wrote:
> On 12/07/2016 17:42, Peter Humphrey wrote:
> > Is there a guide to setting up password-less authentication to enable me
> > to do this?
>
> http://www.funtoo.org/Keychain

Thanks Alan. I don't think it's the one I read before but it looks useful anyway.

> Note that you, portage and root are 3 different users, so you must make
> key pairs for each on each source machine you will ssh from.
>
> Then you need to add each of those user's public keys to each
> destination user's authorized_keys file on each machine you want to ssh to.
>
> That can be a lot of key copying :-) 3 x 3 x # of machines
>
> Finally, on each machine you will ssh from and as each user who will do
> the ssh'ing, you must run keychain at least once to store the key creds.
> They should then persist until reboot, when you must run keychain again
> for each user.

Hmm. I may end up just allowing ssh password authentication and relying on my vDSL router to keep other people's noses out of my business. The portage user can't log in anyway, so its scp-ing and rsyncing would have to be done by root.

> The idea is that a given user's keychain creds are valid over all that
> user's login sessions on a machine. Users cannot share each other's
> keychain

You've given me plenty to think about - thanks again.

--
Rgds
Peter
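
The key-copying step quoted above (each source user's public key into each destination user's authorized_keys), as an added shell example that is not part of the original thread. The helper name `install_pubkey` is hypothetical, and the key in the demo is constructed, not a real key.

```shell
#!/bin/sh
# Added example: install one source user's public key for one destination user.
# install_pubkey is a hypothetical helper; run it on the destination machine.
# Usage: install_pubkey <file.pub> <destination user's home directory>
install_pubkey() {
    pub=$1
    home=$2
    auth="$home/.ssh/authorized_keys"
    ktype= blob= comment=

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }

    # A public key file is one line: "<type> <base64 blob> [comment]".
    read -r ktype blob comment < "$pub" || true

    # Refuse anything that is not a public key, e.g. the private key file
    # picked up by mistake (its first line starts with "-----BEGIN").
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "$pub: not a public key" >&2; return 3 ;;
    esac
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "$pub: malformed key blob" >&2; return 3 ;;
    esac

    # sshd (StrictModes, on by default) refuses to use authorized_keys when the
    # file or ~/.ssh is writable by group or others, so keep both owner-only.
    ( umask 077; mkdir -p "$home/.ssh"; touch "$auth" )
    chmod 700 "$home/.ssh"
    chmod 600 "$auth"

    # Idempotent: skip the append if this exact blob is already listed.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$auth"; then
        return 0
    fi
    printf '%s\n' "$ktype $blob${comment:+ $comment}" >> "$auth"
}

# Demo on constructed input (the blob is made up, not a real key).
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleBlobNotARealKey0000 peter@source' \
    > "$demo/id_ed25519.pub"
install_pubkey "$demo/id_ed25519.pub" "$demo/home" && cat "$demo/home/.ssh/authorized_keys"
rm -rf "$demo"
```

Calling it once per source user's `.pub` file for each destination account covers the "3 x 3 x # of machines" copying without duplicating entries on a re-run.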