shared private key

Reuben Hawkins reubenhwk at gmail.com
Thu Apr 23 00:42:15 AEST 2015


Hi SSH-devs,

This may be a bit off topic for this list, but....

Would it be ok to share a private key in an installer script so long
as the corresponding public key is setup like this...

command="cat ~/.ssh/id_rsa.pub" ssh-rsa AAAA...

I'm looking for a secure way to get a user to share their public key
through SSH which can be invoked from an installer on another
host...for example...

# ssh-keyscan server.local > .ssh/known_hosts
# ssh -i hardcoded_private_key server.local > .ssh/authorized_keys

Of course in this installer the key fingerprints will be examined by
the user before any keys are actually put in known hosts and
authorized_keys.

Is this secure?  Is there a better way?

Thanks in advance,
Reuben


More information about the openssh-unix-dev mailing list