Pau Garcia i Quiles
2006-Jan-22 17:06 UTC
[Rails] SwitchTower with public key authentication?
Hello,

BEWARE: this is not a Rails question, but a SwitchTower question. I am asking here because SwitchTower is usually employed with Rails.

I am developing what we may call a "distributed video player" in Ruby (this is NOT a Rails application). It works this way: I have several boxes that play videos and one server, where I store the contents I will later send to the playing boxes (videos are played from local files, not streamed).

When I want to play a video, I want to play it at once in every box, so I must send it to every playing box, wait for the files to transfer to every box, then send a "play" command to every box.

I'm thinking of using SwitchTower to automate that step. The problem is the password to transfer the files. I've read http://manuals.rubyonrails.com/read/chapter/97 and it looks like I need to have the same password for all servers. I don't like this approach very much, I think it's not very secure.

So the question is: is it possible to use public key authentication in SwitchTower?

--
Pau Garcia i Quiles
http://www.elpauer.org
(In general I cannot reply in less than 10 days)

Hi Pau,

You can use ssh-agent and ssh-add to make your public keys available for every ssh connection. If you do that and then run SwitchTower, you don't have to enter any passwords. It'll use the keys it gets from the ssh-agent.

I used this page to set up my ssh-agent: http://mah.everybody.org/docs/ssh

Hope that helps,

Gijs van Tulder

I have ssh-agent working fine. Only when I try to connect to my own host, then it asks for a password. Any ideas on how to make it work from a host to the same host?

-- G.

> I have ssh-agent working fine. Only when I try to connect to my own
> host, then it asks for a password. Any ideas on how to make it work
> from a host to the same host?

Stupid question perhaps, but have you added the public key of your own host to the list of authorized keys of that host (just like you've done for the remote hosts)?

Gijs

On Jan 22, 2006, at 7:31 PM, Gijs van Tulder wrote:
>> I have ssh-agent working fine. Only when I try to connect to my own
>> host, then it asks for a password. Any ideas on how to make it work
>> from a host to the same host?
>
> Stupid question perhaps, but have you added the public key of your own
> host to the list of authorized keys of that host (just like you've
> done for the remote hosts)?
>
> Gijs

Not a stupid question at all. Have done that, tried the RSA key and DSA key too. For various IP and name combinations too. Somehow, I think it should be something I need to add to something in /etc/ssh ... but I can't figure out exactly what.

-- G.

> Somehow, I think it should be something I need to add to
> something in /etc/ssh ... but I can't figure out exactly what.

* In /etc/ssh/sshd_config, is PubkeyAuthentication set to yes?
* Also in /etc/ssh/sshd_config, check if the name of the authorized_keys file is correct. (On some systems it's called authorized_keys2.)
* Check the permissions of your ~/.ssh/ directory and the authorized_keys file: chmod 755 and 644 respectively.

Gijs

On Jan 22, 2006, at 8:51 PM, Gijs van Tulder wrote:
> * In /etc/ssh/sshd_config, is PubkeyAuthentication set to yes?
> * Also in /etc/ssh/sshd_config, check if the name of the
> authorized_keys file is correct. (On some systems it's called
> authorized_keys2.)
> * Check the permissions of your ~/.ssh/ directory and the
> authorized_keys file: chmod 755 and 644 respectively.

All those appear to be in order. I double checked everything and was on the verge of sending it to say that was the case, then I decided to hunt a little more.

I have a ssh agent that wasn't reading its socket anymore. Started the app up again and it read its socket ok (accepted ssh-add ~/.ssh/id_dsa.pub) but no joy.

Ultimately, it appears that what you thought to be a stupid question was in fact the problem! Between mail and terminal, my brain forgot each time to do AUTHORIZED_KEYS, and tab completed its way to KNOWN_HOSTS. Blah!

Sorry for wasting your time (and mine!) ... :-)

Methinks an empty one should be created by default ...

-- G.
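
The checklist from this thread and the mix-up that turned out to be the cause, written as a shell diagnostic. This is an added example, not part of the original posts; the function names, the fixture paths and the key blob are constructed, and it assumes the authorized keys file lives inside the given `.ssh` directory.

```shell
#!/bin/sh
# Added example (not from the thread). Usage:
#   check_pubkey_setup SSH_DIR PUBKEY_FILE SSHD_CONFIG
# Prints findings; returns 0 only if nothing blocks public key login.
check_pubkey_setup() {
    ssh_dir=$1; pubkey=$2; config=$3; rc=0
    # A .pub line is "type base64-blob comment"; match on the blob.
    blob=$(awk '{print $2; exit}' "$pubkey")
    [ -n "$blob" ] || { echo "FAIL cannot read a key from $pubkey"; return 1; }
    # Checklist item 1: PubkeyAuthentication must not be "no".
    if grep -Eiq '^[[:space:]]*PubkeyAuthentication[[:space:]]+no' "$config"; then
        echo "FAIL PubkeyAuthentication is set to no"; rc=1
    fi
    # Item 2: the file may be renamed (e.g. authorized_keys2). Assumption:
    # it still lives in SSH_DIR, so only the base name is used.
    name=$(awk 'tolower($1) == "authorizedkeysfile" {print $2; exit}' "$config")
    auth="$ssh_dir/$(basename "${name:-authorized_keys}")"
    # Item 3: 755/644 pass; group or world write permission does not.
    for p in "$ssh_dir" "$auth"; do
        [ -e "$p" ] || continue
        case $(ls -ld "$p" | cut -c6,9) in
            --) ;;
            *) echo "FAIL $p is group- or world-writable"; rc=1 ;;
        esac
    done
    # Root cause in the thread: key pasted into known_hosts instead.
    if [ -f "$auth" ] && grep -qF -- "$blob" "$auth"; then
        echo "OK   key is listed in $auth"
    else
        echo "FAIL key is not listed in $auth"; rc=1
        if grep -qF -- "$blob" "$ssh_dir/known_hosts" 2>/dev/null; then
            echo "HINT key is in known_hosts, which holds server host keys"
        fi
    fi
    return $rc
}

# Constructed fixture: a fake ~/.ssh with the key in the wrong file.
make_fixture() {
    d=$(mktemp -d) && mkdir "$d/.ssh" && chmod 755 "$d/.ssh"
    printf 'PubkeyAuthentication yes\n' > "$d/sshd_config"
    printf 'ssh-rsa AAAAB3CONSTRUCTEDBLOB user@host\n' > "$d/.ssh/id_rsa.pub"
    cp "$d/.ssh/id_rsa.pub" "$d/.ssh/known_hosts"   # the mistake
    : > "$d/.ssh/authorized_keys" && chmod 644 "$d/.ssh/authorized_keys"
    echo "$d"
}

fixture=$(make_fixture)
check_pubkey_setup "$fixture/.ssh" "$fixture/.ssh/id_rsa.pub" \
    "$fixture/sshd_config" || true
rm -rf "$fixture"
```

On a real host, pass `~/.ssh`, the public key file and `/etc/ssh/sshd_config`.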