[K12OSN] ssh key generation

Immanuel Derks I.Derks at translucent.nl
Wed May 26 07:15:25 UTC 2004

Op di 25-05-2004, om 22:10 schreef Henry Burroughs:
> (Pardon the reply formating... Evolution only copied part of the reply
> off the digest.. so I had to copy-paste).
> Immanuel,
> Does your application server share (ie: via NFS) the same home directory
> as your login/terminal server?  If so, you shouldn't have to scp the
> files to a different server.  All you would have to do is:
> cat $HOME/.ssh/id_rsa.pub >> $HOME/.ssh/authorized_keys

That is an idea, indeed. I'll see if we can set it up like that.
> instead of scp.  You should use >> if you wish to keep any other
> authorized keys the user has, otherwise you can use a plain "cp" or
> change >> to > and overwrite the file.  Now do you want to have this run
> every time the user logs in, or only the first time?

Well, that is still an open question. Anyway we'll have to automate
things up till the point that 1000+ students become manageable with ssh
key authentications for the app server. My guess would be to run it just
for the first time, and have the keys, authorized_keys files and
known_hosts file backed up in case of loss. (they can't be made ro or
root I thought because ssh is quiet strict on that).

The most headache up to this point are the known_hosts files because
these seem to need user intervention to create and I haven't found a way
to circumvent that. Any idea's are more then welcome here.

Regards Immanuel
> Henry Burroughs
> Immanuel Derks wrote:
> Hi all,
> I would like to know if other people who run separate application
> servers over ssh have figured out an elegante solution for public key
> production and distribution through a network without bothering students
> with this.
> It's easy to produce the keys without user intervention during login
> like:
> ssh-keygen -t rsa -q -f $HOME/.ssh/id_rsa -C '' -N ''
> But then the public key has to copied to the appserver like 
> scp -l $USER $HOME/.ssh/id_rsa.pub appserver:$HOME/.ssh/id_rsa.pub
> and this would need a passwd from the user, so does one need to agree
> with the production of the known_hosts file on the client side.
> Kind regards,
> Immanuel Derks
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>

More information about the K12OSN mailing list