Eric at Lucii.org on 17 Nov 2011 11:19:04 -0800



Re: [PLUG] Setting up SSH public key on OSX



I tend to have a single key pair on my workstation and just place that public key on each remote server that I need to connect to. Occasionally I have the need to move something from server to server so I'll generate a key pair and copy the public key over. That's rare and I remove the key when I'm done. Typically this is for BIG files - smaller stuff I just pull to my workstation and then push out to the other server.

I also tend to keep the same key pair on my laptop that I have on my workstation.
Probably not good...

Eric


On 11/17/2011 12:52 PM, Paul Walker wrote:
> Finally revisited this and got it working. The problem is that I was generating the key on the remote side then copying it down. Once I flipped the script everything worked fine.
> 
> Follow-up question:
> 
> Is it necessary / important to use different keys for different hosts? (I guess if the host is compromised then the key is compromised.)
> 
> On an osx box, where do I configure additional keys?
> 
> Thanks for the help!
> 
> Paul Walker
> toomodernmedia.com
> 
> On Sat, Oct 22, 2011 at 12:53 PM, sean finney <seanius@seanius.net> wrote:
> 
>     Hiya,
> 
>     On Thu, Oct 20, 2011 at 12:37:25PM -0400, Paul Walker wrote:
>     > I'm trying to set up a public key to connect to SSH using public key
>     > authentication to improve my Git workflow....
>     >
>     > The remote server is Ubuntu 10.0.4.
>     > I generate the keys with the command:
>     >
>     > ssh-keygen -t rsa -C "root@mydomain.com"
>     >
>     >
>     > press return three times, then am pasting the contents of id_rsa.pub into a
>     > newly created authorized_keys file in ~/.ssh/ on my local machine running
>     > OSX...
> 
>     I'm going to say a thing or two because I haven't seen anyone else do it,
>     and I think it's prudent...
> 
>     first, put a passphrase on your private key. if you want passwordless
>     ssh, learn how to set up ssh-agent (or some mac keyring equivalent).
>     without a password, anyone who gets access to your machine instantly
>     has full access to that key and thus the remote account.
> 
>     second, given the comment you put with the key, I'm going to make the
>     assumption that you're pushing stuff as root, which is also another
>     big NO-NO.  Instead you should use either a personal account or better, a
>     dedicated "git" account with no other special privileges, to own the gits.
> 
>     Then for bonus points, there's a lot of other neat things you can do with
>     your remote authorized_keys file, to *really* lock it down.  for example,
>     forcing a specific command, only allowing certain host/network blocks,
>     block port forwarding, pty allocation, etc.  This might go a bit into
>     advanced territory, but it's possible to even set up keypairs that can
>     *only* be used for git push/pull commands.
> 
>     You might consider this overkill, I guess that's subjective, but it's
>     definitely good practice to understand how the tools can be used safely.
>     The difference in damage-control is pretty significant, anyway...
> 
>            sean
>     ___________________________________________________________________________
>     Philadelphia Linux Users Group         --        http://www.phillylinux.org
>     Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
>     General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
> 

-- 
#  Eric Lucas
#
#                "Oh, I have slipped the surly bond of earth
#                 And danced the skies on laughter-silvered wings...
#                                        -- John Gillespie Magee Jr
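The authorized_keys lockdown sean describes (a forced command, a from= restriction, no port forwarding or pty, and a key that can only be used for git push/pull) as an added example; this is not code from the thread, and the wrapper path /home/git/bin/git-only and the repository directory /home/git/repos are assumed.

```shell
#!/bin/sh
# Added example, not from the thread: a forced-command wrapper for a dedicated
# "git" account plus the authorized_keys line that pins a key to it.
# Assumed (constructed) paths: wrapper installed at /home/git/bin/git-only,
# bare repositories under /home/git/repos.

REPO_ROOT=${REPO_ROOT:-/home/git/repos}

# Return 0 only if $1 is "git-upload-pack 'name.git'" (or receive-pack /
# upload-archive) for a plain repository name; anything else is rejected,
# including shell metacharacters, extra arguments and path traversal.
check_git_command() {
    cmd=$1
    case "$cmd" in
        "git-upload-pack '"*"'"|"git-receive-pack '"*"'"|"git-upload-archive '"*"'") ;;
        *) return 1 ;;
    esac
    repo=${cmd#*" '"}      # strip up to and including the opening quote
    repo=${repo%"'"}       # strip the closing quote
    case "$repo" in
        *..*|*[!A-Za-z0-9._-]*) return 1 ;;  # traversal or odd characters
        [A-Za-z0-9]*.git) return 0 ;;        # e.g. project.git
        *) return 1 ;;
    esac
}

# Build the authorized_keys entry: forced command, source restriction, and
# the no-* options, so the key can only ever talk to the git wrapper.
restricted_key_line() {
    pubkey=$1
    allowed_from=$2
    printf 'command="/home/git/bin/git-only",from="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$allowed_from" "$pubkey"
}

# When sshd runs this file as the forced command, the client's real request
# arrives in SSH_ORIGINAL_COMMAND; it is validated and handed to git-shell.
git_only() {
    orig=${SSH_ORIGINAL_COMMAND:-}
    if ! check_git_command "$orig"; then
        echo "git-only: rejected command: $orig" >&2
        return 1
    fi
    cd "$REPO_ROOT" && exec git shell -c "$orig"
}

if [ "$(basename -- "$0")" = git-only ]; then
    git_only
fi
```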