<div dir="ltr">We have a pile of Linux servers here at work. We'd like to set up the shared keys to simplify admin via SSH. Here's the thing (quoted from an email I received):<div><br></div><div><p class="MsoNormal">
We are thinking of putting public/private ssh keys on all of
our Linux servers.</p>
<p class="MsoNormal">The purpose of this is so that our central admin server can
“do stuff” on all of our servers without needing a password. We are wondering how far to go for convenience.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Below are restrictions that we can place on the key pair
(there may be others, but these are the ones of which I’m aware). Have a look at each restriction and consider whether we
should use the restriction or not. Basically it would be most convenient to have none of the
restrictions. </p>
<p class="" style><span style="font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">
</span></span>We can create a password on the key pair</p>
<p class="" style="margin-left:1in"><span style="font-family:'Courier New'">o<span style="font-size:7pt;font-family:'Times New Roman'"> </span></span>This
would defeat the whole purpose of using the key pair to avoid passwords</p>
<p class="" style><span style="font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">
</span></span>We can limit which user can run things on the
target machine</p>
<p class="" style="margin-left:1in"><span style="font-family:'Courier New'">o<span style="font-size:7pt;font-family:'Times New Roman'"> </span></span>Most
likely, we would install the public key for the user root (therefore things
would run as user=root)</p>
<p class="" style><span style="font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">
</span></span>We can limit what commands can be run on the
target machine</p>
<p class="" style="margin-left:1in"><span style="font-family:'Courier New'">o<span style="font-size:7pt;font-family:'Times New Roman'"> </span></span>We
would like to leave this wide open so we can run anything remotely</p>
<p class="" style><span style="font-family:Symbol">·<span style="font-size:7pt;font-family:'Times New Roman'">
</span></span>We can limit the source machine that can
initiate remote commands (i.e., commands can only come from the admin machine)</p>
<p class="" style="margin-left:1in"><span style="font-family:'Courier New'">o<span style="font-size:7pt;font-family:'Times New Roman'"> </span></span>It
would be nice to not have this limit as we could move the private key onto
other machines (e.g. a VM on your desktop) to be able to run things remotely</p>
<p class="" style="margin-left:1in"><span style="font-family:'Courier New'">o<span style="font-size:7pt;font-family:'Times New Roman'"> </span></span>The
downside is that if anybody gets the private key, they can do anything</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Note that firewalls should prevent people from the internet
trying to connect to ssh.</p></div><div><br></div><div>[Comments, anyone? - Kevin]</div></div>
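<p>Added example, not part of the original post: a small Python check that reads one line of an OpenSSH <code>authorized_keys</code> file and reports which of the source-machine and command restrictions listed in the email are missing, using the real <code>from=</code> and <code>command=</code> key options. The sample lines are constructed; the key blobs are placeholders, 192.0.2.10 stands in for the admin server, and <code>/usr/local/sbin/admin-task</code> is a hypothetical wrapper script.</p>

```python
# Key-type prefixes that mark the start of the key field (line has no options).
KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-",
             "sk-ssh-ed25519@", "sk-ecdsa-sha2-")


def parse_options(line):
    """Return the options of one authorized_keys line as {name: value}."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}
    opts, buf, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':  # escaped quote inside a value
            buf, i = buf + '"', i + 2
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:         # separator between options
            opts.append(buf)
            buf = ""
        elif ch in " \t" and not quoted:       # end of the options field
            break
        else:
            buf += ch
        i += 1
    opts.append(buf)
    return {n.lower(): v for n, _, v in (o.partition("=") for o in opts)}


def audit(line, account):
    """List which restrictions from the email are missing on this key."""
    opts = parse_options(line)
    missing = []
    if "from" not in opts:
        missing.append("source: accepted from any host holding the private key")
    if "command" not in opts:
        missing.append("command: may run anything as " + account)
    return missing


# Constructed sample lines (placeholder key blobs, documentation address).
WIDE_OPEN = "ssh-ed25519 AAAAC3PLACEHOLDER admin@central"
LIMITED = ('from="192.0.2.10",command="/usr/local/sbin/admin-task" '
           "ssh-ed25519 AAAAC3PLACEHOLDER admin@central")

if __name__ == "__main__":
    for label, line in (("wide open", WIDE_OPEN), ("limited", LIMITED)):
        print(label, "->", audit(line, "root") or "both restrictions present")
```

<p>The passphrase restriction cannot be checked this way, because it protects the private key file on the client and leaves no trace in <code>authorized_keys</code>.</p>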