On Wed, Apr 22, 2015 at 10:55 AM, ?ngel Gonz?lez <keisial at gmail.com>
wrote:> On 22/04/15 16:42, Reuben Hawkins wrote:
>>
>> Hi SSH-devs,
>>
>> This may be a bit off topic for this list, but....
>>
>> Would it be ok to share a private key in an installer script so long
>> as the corresponding public key is setup like this...
>>
>> command="cat ~/.ssh/id_rsa.pub" ssh-rsa AAAA...
>
> You would also need at least no-port-forwarding
>
> I'd add all available restricting options.
>
>
>> I'm looking for a secure way to get a user to share their public
key
>> through SSH which can be invoked from an installer on another
>> host...for example...
>>
>> # ssh-keyscan server.local> .ssh/known_hosts
>> # ssh -i hardcoded_private_key server.local> .ssh/authorized_keys
>>
>> Of course in this installer the key fingerprints will be examined by
>> the user before any keys are actually put in known hosts and
>> authorized_keys.
>>
>> Is this secure? Is there a better way?
>
> I see no obvious flaw. Everything depends on the integrity of the server,
> but you already knew that?
>
>
> PS: Why ssh-keyscan? You can hardcode it directly in the known_hosts of
.ssh
> or /etc
>
ssh-keyscan because we don't know the server's host keys ahead of
time. The user is going to install a server on some machine, another
user is going to install a client. The clients must get the host keys
in its known-host file and the server user's keys in its authorized
keys file.
ssh-keyscan gets the hostkeys from the server, and the hardcoded
private key will get the server user's public key.
Also, each server needs unique keys. I wouldn't want one of our
customers to be able to trick another one of our customers into
ssh'ing to the wrong server without a known_host identity changed
message, so I can't hardcode a host key directly into the known_hosts
files in either .ssh or /etc.
Let me know if I'm missing something. :)
Thanks in advance,
Reuben