shared private key

Philip Hands phil at hands.com
Thu Apr 23 18:22:29 AEST 2015


Reuben Hawkins <reubenhwk at gmail.com> writes:

> On Wed, Apr 22, 2015 at 1:53 PM, Gert Doering <gert at greenie.muc.de> wrote:
>> Hi,
>>
>> On Wed, Apr 22, 2015 at 01:26:06PM -0700, Reuben Hawkins wrote:
>>> Let me know if I'm missing something.  :)
>>
>> Signed keys from a common CA?
>
> I don't think the signed key helps in my particular case (I may be
> wrong, if so please correct me).
>
> I'm working on a management application and the next version's big
> feature is network security via SSH.  My application is actually
> backwards from most other client/server models.  It's backwards in
> that the "server" initiates connections to the "clients" (so the ssh
> client runs on the "server", sshd on the "clients") to make the
> clients do things (let's just say run updates as an example).  I need
> to get the server user's public key into the client's authorized_keys
> file when the client software is installed.  I can't think of a way to
> get the public key from the server other than the private key
> hardcoded into the installer and the corresponding hardcoded public
> key in the server's authorized_keys file like this...

> command="cat ~/.ssh/id_rsa.pub",other-safty-restrictions ssh-rsa AAAA....
>
> With this anybody can get the server user's public key.

I think you need to describe what you're after in terms of which group
is meant to be generating keys, and what those keys are supposed to be
trusted to do once everything's running.

Is the key that you're interested in transfering being generated by the
competent people in this arangement, or by the unskilled customers?

If the key is being generated by the machine belonging to the unskilled
customer, then I understand your problem, and the reason for the
solution, but I'm not quite sure.

It sounds like you have a key on an administration server that you want
to get to the boxes being administrated.  I presume that the people
running the admin server can be expected to be a bit more capable?

Is there any reason why you cannot simply ship the authorized_keys file
with your software?  Perhaps GPG signed?  Or publish the GPG signed
authorized_keys file on your web site?

BTW For the case where the clients want to only offer access when they
feel like it, rather than letting a cron job on the admin-server in
whenever it feels like it, you could try not having keys on the server,
and instead use agent forwarding such that the clients only trust a key
they generated themselves, which they keep to themselves, as described
in the example here:

  http://wiki.hands.com/howto/passphraseless-ssh/

HTH

Cheers, Phil.
-- 
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/    http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 818 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20150423/c851883e/attachment.bin>


More information about the openssh-unix-dev mailing list