Ok discard all problems... http://www.employees.org/~satch/ssh/faq/ssh-faq.html
My new ssh friend. Has a really good hostbased section. It's up and running, and nearing a finish to my task. This is part of a multi-server backup solution. If anyone is interested ask me about how this works at the meeting, and be prepared to be there for a while.

Mike

On Wednesday 01 May 2002 10:46 pm, Mike wrote:
> Ok, here is where I'm at..... Most of our boxes are running the original
> ssh2 (not openssh) I'm only seeing the known_hosts file in my .ssh2
> directory. How are these other files generated? I know I can do a
> ssh-keygen to get a 1024 bit local key encrypting a passphrase. Then I'm
> going to have to modify my ssh2_config and sshd2_config to work with
> hostname authentication. I guess I'm stuck on getting the other files
> generated. Any ideas.
>
> Mike
>
> On Wednesday 01 May 2002 03:39 pm, [EMAIL PROTECTED] wrote:
> > On Wed, May 01, 2002 at 01:56:41PM -0500, Mike wrote:
> > > Has anyone done any host based authentication with SSH or OpenSSH.
> > > I'm trying to automate a scp (secure copy) cron job.
> >
> > Yep, I've done it. It's not as hard as the docs want to make it
> > out to be. Here's how:
> >
> > In the user's ~/.ssh directory are several relevant files:
> >
> >     authorized_keys
> >     identity.pub
> >     known_hosts
> >     known_hosts2
> >
> > So let's assume for a moment that "host1" is the machine from which
> > the file is being copied, and "host2" is the target of the copy.
> > Let's further assume that user "wrstone" with the home directory
> > path "/home/wrstone" is making the copy and that both users exist
> > on both machines.
> >
> > Here's the basic crux of the matter. To do this seamlessly, the
> > file host2:/home/wrstone/.ssh/authorized_keys needs to have the
> > contents of host1:/home/wrstone/.ssh/identity.pub.
> >
> > This is actually pretty easy. Copy
> > host1:/home/wrstone/.ssh/identity.pub to
> > host2:/home/wrstone/.ssh/identity.host1.
> >
> > Next, cat identity.host1 >> authorized_keys.
> >
> > And that's that. Now host1 should be able to scp files to and from
> > host2 without being prompted for a password or other identifying
> > characteristics. For that matter, the user will be able to ssh to
> > host2 without being prompted, either.
> >
> > Now, it goes without saying that this shouldn't be done with user
> > root -- if someone were to hack host1, they've automatically hacked
> > host2.
> >
> > In fact, if you want to do it really slickly, you'll invent some
> > user on both hosts with really limited access rights -- a user
> > whose sole purpose is to scp files for other users. When the real
> > user drops a file in a copy directory on host1, a user level
> > cronjob watches that directory and eventually copies it to an
> > inbound directory on host2. And then you have some user cronjob on
> > host2 watch for inbound files and distribute them.
> >
> > It's a little more complicated, but by doing it this way, you avoid
> > "trusted" users between systems.
> >
> > Hope this helps.
> >
> > Bill Stone
> > ___________________________________________________________________
> > William Stone, III            | Certifications: CISSP, RHCE, CCNA
> > Proprietor                    | Phone: (605) 232-6771
> > William Stone & Associates    | FAX: (605) 232-6763
> > P.O. Box 1967                 | E-Mail: [EMAIL PROTECTED]
> > North Sioux City, SD 57049    | Web: http://www.wrstone.com
> > ______________________________|____________________________________
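
The copy-and-append step described in the thread above, as an added example that is not part of any poster's message: a shell function that appends a public key to authorized_keys idempotently, sets the permissions sshd expects, and can prefix key options that limit what the key may do (going one step beyond the plain `cat >>` in the thread). It assumes an OpenSSH-style authorized_keys file; the function name `install_pubkey` and the sample option string are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenSSH-style authorized_keys.
# install_pubkey PUBKEY_FILE SSH_DIR [OPTIONS]
#   PUBKEY_FILE  e.g. identity.host1, the copy of host1's identity.pub
#   SSH_DIR      e.g. /home/wrstone/.ssh on host2
#   OPTIONS      optional authorized_keys options limiting the key, e.g.
#                'from="host1",no-pty,no-port-forwarding'
install_pubkey() {
    pub=$1 dir=$2 opts=${3:-}
    auth="$dir/authorized_keys"

    # A public key file is exactly one non-empty line; refuse anything else
    # so a truncated or multi-key file is never appended blindly.
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected one key" >&2; return 1; }
    key=$(grep . "$pub")

    # With StrictModes on, sshd ignores keys whose directory or file is
    # writable by anyone but the owner, so set the modes explicitly.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$auth" ] || : > "$auth"
    chmod 600 "$auth" || return 1

    # Idempotent: a re-run from cron must not pile up duplicate entries.
    if grep -qF -- "$key" "$auth"; then
        return 0
    fi

    # Options, when given, go in front of the key on the same line.
    printf '%s\n' "${opts:+$opts }$key" >> "$auth"
}
```

Run it on host2 as the limited copy user rather than root, for example `install_pubkey identity.host1 "$HOME/.ssh" 'from="host1",no-pty,no-port-forwarding'`.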
