I'm testing routing on my network of radio nodes.
This involves a lot of root access to the nodes and file moves
through my firewall. Repeated setting up of root sessions to
each node every time I set up to test was getting under my skin,
so when I came across this tech note it motivated me to come up
with something easier.
The section titled Secure shell - Simple Remote Login
caught my eye. What follows is a cookbook set up largely derived
from that note. Note this is only appropriate from a Linux
workstation. Something similar may be possible from Windows
but I'm the wrong person to ask if it is.
The following works on RedHat 8.0 and 9.0 at least.
My main workstation runs KDE.
First
Generate yourself a pass phrase of a strength you are happy with.
For a reasonable discussion and recommendations.
Second
On a console terminal (Konsole, xterm, eterm etc)
on your "Safe, secure, internal" workstation, type:-
ssh-keygen -t rsa
To generate a 1024 bit RSA key.
Secure this key with your shiny new pass phrase.
Third
Copy the file .ssh/id_rsa.pub (your new public key you
just generated) to :-
/root/.ssh/authorized_keys
on the target nodes that you want to control.
SCP is your friend! ;)
(append the key if the file already exists)
Fourth
Test by typing:-
ssh-agent /bin/bash
ssh-add
and answering the prompt with your shiny new pass phrase.
then:-
ssh -v root@yournode
and if all is well, you have a root session on yournode.
Fifth
Automate this with a script file as below
(names resolve to router node addresses via my local DNS)
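#! /bin/bash
# Run everything under one ssh-agent so each child inherits SSH_AUTH_SOCK.
# (A backgrounded "ssh-agent /bin/bash &" exits at once, leaving ssh-add no agent.)
exec ssh-agent /bin/bash -c '
ssh-add                        # prompts once for the pass phrase
konsole -e ssh root@pei &
konsole -e ssh root@aichen &
konsole -e ssh root@liang &
exec /bin/bash                 # foreground shell keeps access to the agent
'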
This will open three concurrent console windows and from each
start an ssh connection to a target node, automatically authenticating
you via the public key held on the remote node.
The foreground console remains open and also has access to your keyfile
so an SCP command from here, for instance, will automatically and
securely authenticate to the target node, without further action
on your part.
I have this script as startall
I admit I posed the windows, but the logins are real...
Harry Moyes
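An added example for the "Third" step, not part of the original post: a shell function to run on the target node after copying id_rsa.pub across, which appends the key without overwriting or duplicating existing entries and sets the permissions sshd expects. The function name install_pubkey, the scratch paths and the sample key are all constructed for this illustration.

```shell
#!/bin/sh
# Added example, not from the original post. install_pubkey is a made-up name.
# Usage on the target node: install_pubkey /tmp/id_rsa.pub /root/.ssh

install_pubkey() {
    pubkey_file=$1
    ssh_dir=$2
    auth_file=$ssh_dir/authorized_keys

    # Accept only a single-line public key. This also rejects a private key
    # (id_rsa) copied by mistake: it is multi-line and starts with "-----BEGIN".
    [ -r "$pubkey_file" ] || return 1
    [ "$(grep -c '' "$pubkey_file")" -eq 1 ] || return 1
    grep -Eq '^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' \
        "$pubkey_file" || return 1

    # sshd's StrictModes check (on by default) refuses keys when the directory
    # or the file is writable by anyone but the owner.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is absent (-F fixed string, -x whole line),
    # so re-running never duplicates and never overwrites existing keys.
    if ! grep -qxF -f "$pubkey_file" "$auth_file"; then
        # Terminate an unterminated last line before appending.
        if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
            echo >> "$auth_file"
        fi
        cat "$pubkey_file" >> "$auth_file"
    fi
}

# Demo in a scratch directory with a constructed (not real) key.
demo_dir=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAconstructedSAMPLEkey harry@workstation' \
    > "$demo_dir/id_rsa.pub"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"
install_pubkey "$demo_dir/id_rsa.pub" "$demo_dir/.ssh"   # second run is a no-op
echo "keys installed: $(grep -c '' "$demo_dir/.ssh/authorized_keys")"
```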
Posted by harry at July 4, 2003 12:20 AM
Harry said, "Something similar may be possible from Windows but I'm the wrong person to ask if it is."
ssh xterm sessions using keys are possible from W32 environments using the freeware application putty. The same author has released free versions of scp and other utils.
See:
http://www.chiark.greenend.org.uk/~sgtatham/putty/
Regards
D
Posted by: darren at July 4, 2003 11:49 AM
I'm aware of putty and winscp2, both very nice tools.
It's the ssh-agent and ssh-add bits, and the ability to authenticate via an RSH key that I don't know how to do in Windows.
Harry
Posted by: Harry Moyes at July 4, 2003 09:46 PM
Hi H,
Follow the link from my first comment above and look at the download section where you will find some useful putty "addons" such as:
Plink (a command-line interface to the PuTTY back ends),
Pageant (an SSH authentication agent for PuTTY, PSCP and Plink) and
PuTTYgen (an RSA key generation utility).
HTH
D
Posted by: darren at July 5, 2003 03:23 PM
Hey come-on, I'm way ahead of you guys!.......
Using public key authentication under KDE means you can use addresses like sftp://harry@shoka.box in konqueror and browse the other computer as if it was your local machine.
Handy for securely uploading to a webserver, although I'd be careful when using it on a live website.
Posted by: Rob at July 5, 2003 05:00 PM