On Wednesday 13 Jul 2016 09:48:59 Peter Humphrey wrote:
> On Tuesday 12 July 2016 17:48:33 Alan McKinnon wrote:
> > On 12/07/2016 17:42, Peter Humphrey wrote:
> > > Is there a guide to setting up password-less authentication to enable me
> > > to do this?
> > 
> > http://www.funtoo.org/Keychain
> 
> Thanks Alan. I don't think it's the one I read before but it looks useful
> anyway.
> 
> > Note that you, portage and root are 3 different users, so you must make
> > key pairs for each on each source machine you will ssh from.
> > 
> > Then you need to add each of those users' public keys to each
> > destination user's authorized_keys file on each machine you want to ssh
> > to.
> > 
> > That can be a lot of key copying :-) 3 x 3 x # of machines
> > 
> > Finally, on each machine you will ssh from and as each user who will do
> > the ssh'ing, you must run keychain at least once to store the key creds.
> > They should then persist until reboot, when you must run keychain again
> > for each user.
> 
> Hmm. I may end up just allowing ssh password authentication and relying on
> my vDSL router to keep other people's noses out of my business. The portage
> user can't log in anyway, so its scp-ing and rsyncing would have to be done
> by root.
> 
> > The idea is that a given user's keychain creds are valid over all that
> > user's login sessions on a machine. Users cannot share each other's
> > keychain
> 
> You've given me plenty to think about - thanks again.

Something else to think about is to only allow the login shell to execute 
limited command(s), for example to only be able to su to portage and run rsync 
or some such.
-- 
Regards,
Mick
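
One way to apply the restriction Mick suggests with OpenSSH, as an added example that is not part of the thread: a forced command in authorized_keys that accepts only rsync server requests under one directory (it covers the rsync part only, not the su to portage). The wrapper path, ALLOWED_ROOT and the key placeholder are assumptions; the `restrict` option needs OpenSSH 7.2 or later.

```shell
#!/bin/sh
# Added example, not from the thread. Forced-command wrapper for one SSH key.
# Assumed authorized_keys entry on the destination (key is a placeholder):
#   restrict,command="/usr/local/sbin/rsync-only" ssh-ed25519 <PUBLIC-KEY> root@source
# The wrapper path and ALLOWED_ROOT are assumptions for illustration.
ALLOWED_ROOT="/usr/portage/"
set -f    # no filename globbing when the request is split into words

# Return 0 only for an rsync server-side request confined to ALLOWED_ROOT.
is_allowed() {
    set -- $1                         # split on whitespace into argv
    [ "$#" -ge 4 ] || return 1
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    seen_path=0
    for word in "$@"; do
        case $word in
            *[!A-Za-z0-9./_-]*) return 1 ;;     # quotes, ;, $, = and the like
            *..*)               return 1 ;;     # no climbing out of the root
            -*|.)               ;;              # option cluster or "." placeholder
            "$ALLOWED_ROOT"*)   seen_path=1 ;;  # path inside the permitted tree
            *)                  return 1 ;;     # any other path or word
        esac
    done
    [ "$seen_path" -eq 1 ]
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND.
# A plain interactive login leaves it unset and simply falls off the end.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed "$SSH_ORIGINAL_COMMAND"; then
        set -- $SSH_ORIGINAL_COMMAND
        exec "$@"                     # direct argv exec, never re-parsed by a shell
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

rsync also ships a support script, rrsync, built on the same forced-command idea.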
