Ok, here is where I'm at..... Most of our boxes are running the original ssh2 (not OpenSSH). I'm only seeing the known_hosts file in my .ssh2 directory. How are these other files generated? I know I can do a ssh-keygen to get a 1024 bit local key encrypting a passphrase. Then I'm going to have to modify my ssh2_config and sshd2_config to work with hostname authentication. I guess I'm stuck on getting the other files generated. Any ideas?

Mike

On Wednesday 01 May 2002 03:39 pm, [EMAIL PROTECTED] wrote:
> On Wed, May 01, 2002 at 01:56:41PM -0500, Mike wrote:
> > Has anyone done any host based authentication with SSH or OpenSSH?
> > I'm trying to automate a scp (secure copy) cron job.
>
> Yep, I've done it. It's not as hard as the docs want to make it
> out to be. Here's how:
>
> In the user's ~/.ssh directory are several relevant files:
>
> authorized_keys
> identity.pub
> known_hosts
> known_hosts2
>
> So let's assume for a moment that "host1" is the machine from which
> the file is being copied, and "host2" is the target of the copy.
> Let's further assume that user "wrstone" with the home directory
> path "/home/wrstone" is making the copy and that both users exist
> on both machines.
>
> Here's the basic crux of the matter. To do this seamlessly, the
> file host2:/home/wrstone/.ssh/authorized_keys needs to have the
> contents of host1:/home/wrstone/.ssh/identity.pub.
>
> This is actually pretty easy. Copy
> host1:/home/wrstone/.ssh/identity.pub to
> host2:/home/wrstone/.ssh/identity.host1.
>
> Next, cat identity.host1 >> authorized_keys.
>
> And that's that. Now host1 should be able to scp files to and from
> host2 without being prompted for a password or other identifying
> characteristics. For that matter, the user will be able to ssh to
> host2 without being prompted, either.
>
> Now, it goes without saying that this shouldn't be done with user
> root -- if someone were to hack host1, they've automatically hacked
> host2.
>
> In fact, if you want to do it really slickly, you'll invent some
> user on both hosts with really limited access rights -- a user
> whose sole purpose is to scp files for other users. When the real
> user drops a file in a copy directory on host1, a user level
> cronjob watches that directory and eventually copies it to an
> inbound directory on host2. And then you have some user cronjob on
> host2 watch for inbound files and distribute them.
>
> It's a little more complicated, but by doing it this way, you avoid
> "trusted" users between systems.
>
> Hope this helps.
>
> Bill Stone
> ___________________________________________________________________
> William Stone, III | Certifications: CISSP, RHCE, CCNA
> Proprietor | Phone: (605) 232-6771
> William Stone & Associates | FAX: (605) 232-6763
> P.O. Box 1967 | E-Mail: [EMAIL PROTECTED]
> North Sioux City, SD 57049 | Web: http://www.wrstone.com
> ______________________________|____________________________________
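The "cat identity.host1 >> authorized_keys" step from Bill's quoted reply, written up as a small POSIX sh script. This is an added example, not code from either poster: it assumes the OpenSSH-style ~/.ssh/authorized_keys layout the reply describes (not the ssh2 ~/.ssh2 layout Mike is asking about), and the key string in the demo is a constructed placeholder, not a real key. Beyond the bare append, it does the two things a re-runnable cron setup wants: it refuses anything that is not a single public-key line (so a private key copied by mistake is never appended), and it skips keys already present so the file does not grow on every run, while setting the 700/600 permissions sshd expects before it will honour the file.

```shell
#!/bin/sh
# Added example (not from the thread): install a per-host public key into an
# OpenSSH-style authorized_keys file exactly once, with sshd-acceptable perms.
# Usage: install_pubkey <identity.pub copied from host1> <authorized_keys on host2>

install_pubkey() {
    pub="$1"
    auth="$2"
    dir=$(dirname "$auth")

    # A public key file is one non-empty line. Anything else (an empty file,
    # or a multi-line private key copied by mistake) is refused.
    if [ "$(grep -c . "$pub")" -ne 1 ]; then
        echo "refusing $pub: expected exactly one public-key line" >&2
        return 1
    fi
    key=$(cat "$pub")

    # sshd ignores authorized_keys when ~/.ssh or the file is group/world
    # writable, so create both with restrictive modes.
    umask 077
    mkdir -p "$dir"
    chmod 700 "$dir"
    touch "$auth"
    chmod 600 "$auth"

    # Idempotent: an identical key line already present is not appended again.
    if grep -qxF -- "$key" "$auth"; then
        echo "key already present in $auth"
        return 0
    fi
    printf '%s\n' "$key" >> "$auth"
    echo "appended key to $auth"
}

# Number of key lines currently in an authorized_keys file.
count_keys() {
    grep -c . "$1"
}

# Stand-alone demo using a constructed placeholder key (not a real key).
demo_dir=$(mktemp -d)
printf 'ssh-rsa AAAAEXAMPLEPLACEHOLDERKEY wrstone@host1\n' > "$demo_dir/identity.host1"
install_pubkey "$demo_dir/identity.host1" "$demo_dir/.ssh/authorized_keys"
install_pubkey "$demo_dir/identity.host1" "$demo_dir/.ssh/authorized_keys"
echo "keys in file: $(count_keys "$demo_dir/.ssh/authorized_keys")"
```

Run it once per host whose identity.pub you have copied over; a second run for the same key is a no-op, which is what you want from a setup step a cron job or config-management run may repeat.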
