Reuben Hawkins <reubenhwk@xxxxxxxxx> writes: > On Wed, Apr 22, 2015 at 1:53 PM, Gert Doering <gert@xxxxxxxxxxxxxx> wrote: >> Hi, >> >> On Wed, Apr 22, 2015 at 01:26:06PM -0700, Reuben Hawkins wrote: >>> Let me know if I'm missing something. :) >> >> Signed keys from a common CA? > > I don't think the signed key helps in my particular case (I may be > wrong, if so please correct me). > > I'm working on a management application and the next version's big > feature is network security via SSH. My application is actually > backwards from most other client/server models. It's backwards in > that the "server" initiates connections to the "clients" (so the ssh > client runs on the "server", sshd on the "clients") to make the > clients do things (let's just say run updates as an example). I need > to get the server user's public key into the client's authorized_keys > file when the client software is installed. I can't think of a way to > get the public key from the server other than the private key > hardcoded into the installer and the corresponding hardcoded public > key in the server's authorized_keys file like this... > command="cat ~/.ssh/id_rsa.pub",other-safty-restrictions ssh-rsa AAAA.... > > With this anybody can get the server user's public key. I think you need to describe what you're after in terms of which group is meant to be generating keys, and what those keys are supposed to be trusted to do once everything's running. Is the key that you're interested in transfering being generated by the competent people in this arangement, or by the unskilled customers? If the key is being generated by the machine belonging to the unskilled customer, then I understand your problem, and the reason for the solution, but I'm not quite sure. It sounds like you have a key on an administration server that you want to get to the boxes being administrated. I presume that the people running the admin server can be expected to be a bit more capable? Is there any reason why you cannot simply ship the authorized_keys file with your software? Perhaps GPG signed? Or publish the GPG signed authorized_keys file on your web site? BTW For the case where the clients want to only offer access when they feel like it, rather than letting a cron job on the admin-server in whenever it feels like it, you could try not having keys on the server, and instead use agent forwarding such that the clients only trust a key they generated themselves, which they keep to themselves, as described in the example here: http://wiki.hands.com/howto/passphraseless-ssh/ HTH Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/ http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev