Re: shared private key

On 22/04/15 16:42, Reuben Hawkins wrote:
> Hi SSH-devs,
>
> This may be a bit off topic for this list, but....
>
> Would it be ok to share a private key in an installer script so long
> as the corresponding public key is set up like this...
>
> command="cat ~/.ssh/id_rsa.pub" ssh-rsa AAAA...

You would also need at least no-port-forwarding

I'd add all available restricting options.

> I'm looking for a secure way to get a user to share their public key
> through SSH which can be invoked from an installer on another
> host...for example...
>
> # ssh-keyscan server.local > .ssh/known_hosts
> # ssh -i hardcoded_private_key server.local > .ssh/authorized_keys
>
> Of course in this installer the key fingerprints will be examined by
> the user before any keys are actually put in known hosts and
> authorized_keys.
>
> Is this secure?  Is there a better way?

I see no obvious flaw. Everything depends on the integrity of the server, but you already knew that…


PS: Why ssh-keyscan? You can hardcode it directly in the known_hosts of .ssh or /etc

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
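
An added example, not part of the original message or of OpenSSH: a small audit that reads authorized_keys text and reports forced-command entries (such as the `command="cat ~/.ssh/id_rsa.pub"` key discussed above) that are missing the restricting options the reply asks for. The function names `option_names` and `audit` and the sample entries are assumptions made for illustration; the key blobs are placeholders.

```python
import re

# Per-key restrictions from sshd(8), AUTHORIZED_KEYS FILE FORMAT. `restrict`
# (OpenSSH 7.2+) implies all of them; option names are case-insensitive.
REQUIRED = {"no-port-forwarding", "no-agent-forwarding",
            "no-x11-forwarding", "no-pty", "no-user-rc"}
REENABLE = {name[3:] for name in REQUIRED}   # e.g. "port-forwarding"
KEY_TYPE = re.compile(r"(ssh|ecdsa|sk)-")    # entry with no options field
OPT = re.compile(r'([\w-]+)(?:="(?:\\"|[^"])*")?')

def option_names(line):
    """Lower-cased option names; quoted values may hold commas and spaces."""
    names, pos = set(), 0
    if KEY_TYPE.match(line):
        return names
    while (m := OPT.match(line, pos)):
        names.add(m.group(1).lower())
        pos = m.end()
        if line[pos:pos + 1] != ",":
            break                            # whitespace ends the options field
        pos += 1
    return names

def audit(text):
    """List (line_no, problem) for forced-command keys left under-restricted."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        names = option_names(line)
        if "command" not in names:
            continue                         # ordinary login key, out of scope
        bad = names & REENABLE if "restrict" in names else REQUIRED - names
        if bad:
            verb = "re-enables" if "restrict" in names else "missing"
            findings.append((n, f"{verb} {','.join(sorted(bad))}"))
    return findings

SAMPLE = '''# constructed sample; key blobs are placeholders, not real keys
command="cat ~/.ssh/id_rsa.pub" ssh-rsa AAAAEXAMPLE1 installer
command="cat ~/.ssh/id_rsa.pub",no-port-forwarding ssh-rsa AAAAEXAMPLE2 installer
restrict,command="cat ~/.ssh/id_rsa.pub" ssh-rsa AAAAEXAMPLE3 installer
restrict,pty,command="cat ~/.ssh/id_rsa.pub" ssh-rsa AAAAEXAMPLE4 installer
ssh-ed25519 AAAAEXAMPLE5 alice
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
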




