Trusted ssh/scp and Linux (Slackware 7)

Derek Martin ddm at mclinux.com
Fri Jul 14 18:19:00 EDT 2000


On Fri, 14 Jul 2000, Scott Ehrlich wrote:

> My biggest question now is how to set up the scp trust between the four
> machines (now) each containing log files, and a central destination system
> to receive said logs?  The goal is for an automated secure copy so no user
> intervention needs to enter a password for ssh authentication for scp to
> work.   The logs will most likely get transferred to one account on the
> destination site.

You need to create a key to use, and create it WITH NO PASSPHRASE.
Obviously this has implications, so you'll want to make sure that you're
careful about who has physical access to the key file.  

Since the user that will run the script is likely root, this probably
isn't much different from keeping the root password secure.  Make sure
your permissions on your .ssh directory are very restrictive.

You can either create one key per machine and put them all in the
authorized_keys file on the target, or create one key and copy it to all
the source machines.  Neither seems to present much of an advantage;
though I normally wouldn't recommend copying keys around like that, under
the circumstances I don't see how it would matter.

-- 
Derek Martin
System Administrator
Mission Critical Linux
martin at MissionCriticalLinux.com 
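
The permission advice in the reply above, as an added example that is not part of the original post: a POSIX shell check that a .ssh directory holding a passphrase-less key is closed to group and other. The function names and the finding labels (LOOSE-DIR, LOOSE-KEY, WRITABLE-AUTH) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit the permissions on a .ssh directory that holds a
# passphrase-less key. Function names and finding labels are hypothetical.

# Print the nine permission characters of a path, e.g. "rwx------".
perm_bits() {
    ls -ld "$1" | cut -c2-10
}

# audit_ssh_dir DIR: print one line per finding; return 0 if clean, 1 if not.
audit_ssh_dir() {
    dir=$1
    bad=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 1; }

    # The directory itself: no access at all for group or other.
    case $(perm_bits "$dir") in
        ???------) ;;
        *) echo "LOOSE-DIR $dir"; bad=1 ;;
    esac

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        bits=$(perm_bits "$f")
        if head -n 1 "$f" | grep -q 'PRIVATE KEY'; then
            # With no passphrase, the file mode is the key's only protection.
            case $bits in
                ???------) ;;
                *) echo "LOOSE-KEY $f"; bad=1 ;;
            esac
        elif [ "$(basename "$f")" = authorized_keys ]; then
            # Anyone who can write this file can authorize a key of their own.
            case $bits in
                ????w????|???????w?) echo "WRITABLE-AUTH $f"; bad=1 ;;
            esac
        fi
    done
    return $bad
}

# Run against a directory when one is given on the command line.
if [ $# -gt 0 ]; then
    audit_ssh_dir "$1"
fi
```

Run it from cron on each source machine and on the destination account, and alert on a non-zero exit status.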
