Sounds like you could put a public key on the target.
Good enough.

Everyone can login to a special remote-supervisor account on some server, to 
connect to the target, and that account has the private key.

Then you don't have to get keys from everyone in advance.
With a passwordless connection to the target, this would be an easy extra step.


You can add their keys to the server account when you need to, then they have 
passwordless access to that account.


Rob

 




>________________________________
> From: Robert P. J. Day <rpj...@crashcourse.ca>
>To: Rob Echlin <r...@echlin.ca> 
>Cc: Ottawa Linux Users Group <linux@lists.oclug.on.ca> 
>Sent: Tuesday, March 19, 2013 5:32:40 PM
>Subject: Re: [OCLUG-Tech] how to set up "passwordless" ssh login?
> 
>On Tue, 19 Mar 2013, Rob Echlin wrote:
>
>> Hi Rob,
>
>> 1)
>
>> I believe that the location where the SSH server looks for keys can
>> be configured in /etc in its config fiile. Is that on a read-only
>> location, too?
>
>  i know about that, here's the sshd_config line for that:
>
>#AuthorizedKeysFile     %h/.ssh/authorized_keys
>
>but the root filesystem is extracted from a squashfs so i don't know
>*where* i have write permission (if any).
>
>>
>> 2)
>> Given what you do every day, I think there is some possibility that you are 
>> going to burn the file system on the remote
>> system yourself.
>> <g>
>>
>> If that is the case, create the .ssh folder with 1 or more public keys in it 
>> before you burn it.
>> Copy the private key to whatever system(s) you are working from.
>> Don't use the passwordless option for your private key. <g>
>
>  don't think that's going to work either, as public keys might not be
>available ahead of time.
>
>  it's actually fine to conclude that this just isn't going to work.
>all i wanted to confirm is that i wasn't missing anything obvious.
>
>rday
>
>-- 
>
>========================================================================
>Robert P. J. Day                                 Ottawa, Ontario, CANADA
>                        http://crashcourse.ca
>
>Twitter:                                      http://twitter.com/rpjday
>LinkedIn:                              http://ca.linkedin.com/in/rpjday
>========================================================================
>
>
>
_______________________________________________
Linux mailing list
Linux@lists.oclug.on.ca
http://oclug.on.ca/mailman/listinfo/linux

Reply via email to