Creating Shared Host Keys
[17 Nov 2007|11:18am]
This is an article aimed mostly at system administrators and people who use SSH on a daily basis to connect to remote clients and servers. I myself have been wanting to set this up for quite some time, and now I've found both the time and the need to! I currently have multiple servers, each running several different services. I plan on setting it up so that when one server makes a backup of a few databases it can automatically connect to another server and upload the backups there for safe keeping. While it sounds semi-complicated, especially when trying to get the servers to talk to each other without any user interaction, it's not all that bad!
In order to get the servers to talk to each other without me typing in usernames and passwords, I'll be creating special "keys" that allow them to talk without user intervention!
In our example, Server1 is the machine that makes the actual backups of my databases. Server2 has a nice RAID setup so I can keep my backups safe and secure, and it's where I want to put Server1's backup files. The user I am using for the example on Server1 is jimmy, and on Server2 it is jimmy2. Hopefully it's not too confusing!
On Server1 I will open up a Terminal and type in:
ssh-keygen -t rsa
It will ask you where you want to save the key (usually something like /Users/your-username/.ssh/) - just hit enter here. It will then ask you to input a passphrase; just hit enter here, and again when it asks you to 'enter the same passphrase'. It will then spit out something like:
Your identification has been saved in /Users/jimmy/.ssh/id_rsa.
Your public key has been saved in /Users/jimmy/.ssh/id_rsa.pub.
The key fingerprint is:
88:99:60:ee:eb:e5:ac:1f:fb:fe:ae:83:5c:3c:c4:0b jimmy@mycomputer
Perfect!
Now we need to put this public key onto the machine you want to connect to remotely, in this case Server2.
What I did was use rsync:
rsync -avz /Users/jimmy/.ssh/id_rsa.pub jimmy@ip-address-of-Server2:/Users/jimmy2/.ssh/
This bit:
rsync -avz /Users/jimmy/.ssh/id_rsa.pub
Names the file to copy, id_rsa.pub on Server1; the rest of the command sends it to the 'jimmy2' account on Server2 and puts the file into:
/Users/jimmy2/.ssh/
Now SSH into Server2; at this point you will still be prompted for a password. Go into the .ssh directory of the user you synced the id_rsa.pub file to, in this example jimmy2:
cd ~/.ssh/
Now type:
mv id_rsa.pub authorized_keys
You can even copy and paste that command. It simply renames the id_rsa.pub file to 'authorized_keys'.
Now if all went well you can SSH from Server1 to Server2 and not be prompted for a password! This is a really excellent technique for moving files such as backups or when making mirror(s) of a website and not needing to input the password to the server(s) each time!
A note of warning though! If you remember, when we were making our key it prompted you to input a passphrase. The passphrase makes your key more secure, but it will prompt you for that passphrase every time you want to connect, defeating the purpose of this exercise. You should also keep track of which servers/clients can connect to each other without a password.
It's also possible to let Server2 connect to Server1 without requiring a password. Follow the same steps to create the key; I renamed it to id_rsa2.pub and then used rsync to move it to Server1. Then I just renamed it authorized_keys using the above 'mv' command.
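The 'mv' step above replaces whatever authorized_keys already held, so a second key (for example the one going the other way, or a key from a third server) would wipe out the first. The script below is an added example, not part of the original post: it appends a public key to authorized_keys only if that key is not already present, sets the directory and file permissions sshd insists on (700 and 600), and counts the entries so you can keep track of which machines are allowed in without a password. The key blobs in the demo are constructed placeholders, not real keys, and the paths are passed in explicitly so it can be exercised on a scratch directory.

```shell
#!/bin/sh
# Added example (not from the original post). Appending with >> instead of
# renaming id_rsa.pub over authorized_keys keeps existing entries intact.

# add_authorized_key <pubkey-file> <ssh-dir>
# Returns 0 when the key was appended, 1 when it was already present.
add_authorized_key() {
    pubkey="$1"
    sshdir="$2"
    authkeys="$sshdir/authorized_keys"

    # sshd ignores the file if the directory or file is group/world-writable.
    mkdir -p "$sshdir"
    chmod 700 "$sshdir"
    touch "$authkeys"
    chmod 600 "$authkeys"

    # Compare only the key type and base64 blob (fields 1 and 2); the trailing
    # comment may differ between copies of the same key.
    keyid=$(awk '{print $1, $2}' "$pubkey")
    if awk '{print $1, $2}' "$authkeys" | grep -qxF "$keyid"; then
        return 1
    fi
    cat "$pubkey" >> "$authkeys"
    return 0
}

# count_authorized_keys <ssh-dir>
# Number of non-empty, non-comment entries: the list of who can log in
# without a password that the post recommends keeping track of.
count_authorized_keys() {
    grep -cvE '^[[:space:]]*(#|$)' "$1/authorized_keys"
}

demo() {
    tmp=$(mktemp -d)
    # Constructed sample keys; the base64 blobs are placeholders, not real keys.
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0constructedkey1 jimmy@server1\n' > "$tmp/server1.pub"
    printf 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0constructedkey2 jimmy@server3\n' > "$tmp/server3.pub"
    add_authorized_key "$tmp/server1.pub" "$tmp/.ssh"
    add_authorized_key "$tmp/server3.pub" "$tmp/.ssh"
    # Adding the same key again is a no-op rather than a duplicate line.
    add_authorized_key "$tmp/server1.pub" "$tmp/.ssh" || echo "server1 key already present, not duplicated"
    echo "authorized keys on this account: $(count_authorized_keys "$tmp/.ssh")"
    rm -rf "$tmp"
}
demo
```

To use it for real, copy id_rsa.pub over with rsync as the post describes and then run add_authorized_key on the destination against the user's ~/.ssh directory; the file ends up with one line per machine you have allowed in, which is also what you review when you want to revoke one.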
Good luck!
I used this website to help me: http://ammonlauritzen.com/blog/index.php/2006/04/16/shared_key_ssh_authentication
1 Game Down
[17 Nov 2007|04:20pm]
mood: accomplished
I've been quite busy with work and playing some of my new video games. I am very close to beating Legend of Zelda: Wind Waker and I just beat The NEW Super Mario Bros. Both very, very good games.
I also attempted to play Assassin's Creed last night, but I think I was just too tired to comprehend what was going on in the game. The graphics are very, very cool though, and the controls are something I've never experienced before, very new and unique. I think that game will have to wait until I actually have time to sit down and understand how it works. The story is also something I didn't think it would be. So yeah, it's good, but I have to find some time to work with it.
Tonight (in about an hour) Emilie and I are going to this equestrian 4H banquet in Montpelier. I think that should be fun.
I didn't do much else today but work on Wind Waker and this Mario Bros. game. Fun times, I think tonight I will finish up Wind Waker and work on some homework.
I am also trying out Maple Story, but that too needs a lot of my time to understand how it works. I really want to set up a ROSE Online server, but I am not sure if they've got it working under Linux yet; we'll see. Or a Ragnarok Online server... I do wish both of those had OS X clients, it's too bad.
I finally picked up a copy of NewType before programming class on Thursday. It's this really nifty anime magazine I'd been hearing/reading about. It's actually really good, I like it a lot. The only downside is that it's pretty expensive...I might ask for a subscription for Christmas though...if you're into anime and stuff, definitely check it out.
Alright I am off to go do who knows what...
Getting through Port 548!
[17 Nov 2007|10:21pm]
It looks like Apple released a firmware update (version 7.1) that will let you use port 548 on the new Apple base stations. This is really nice because I don't use AirDisk currently and I would like to be using AFP on 548. Unfortunately you can't remotely update the firmware, so it's going to have to wait for another day...