O'Reilly Hacks
oreilly.comO'Reilly NetworkSafari BookshelfConferences Sign In/My Account | View Cart   
Book List Learning Lab PDFs O'Reilly Gear Newsletters Press Room Jobs  

 
Search
Hacks Site
• List of Titles
• Got a Hack?
• Suggestion Box
Resource Centers
Bioinformatics
C/C++
Databases
Digital Media
Enterprise Development
Game Development
Java
Linux/Unix
Macintosh/OS X
.NET
Open Source
Oracle
Perl
Python
Scripting
Security
Software Development
SysAdmin/Networking
Web
Web Services
Windows
Wireless
XML
Book Series
Annoyances
CD Bookshelves
Cookbooks
Developer's Notebooks
Hacks
Head First
In A Nutshell
Missing Manuals
Pocket References
Personal Trainer
Technology & Society
Publishing Partners
Mandriva
No Starch Press
Paraglyph Press
PC Publishing
Pragmatic Bookshelf
SitePoint
Syngress Publishing
Online Publications
LinuxDevCenter.com
MacDevCenter.com
ONJava.com
ONLamp.com
OpenP2P.com
Perl.com
WebServices.XML.com
WindowsDevCenter.com
XML.com
Special Interest
Beta Chapters
Events
From the Editors List
Letters
MAKE
Open Books
tim.oreilly.com
Special Sales
Academic
Corporate Services
Government
Inside O'Reilly
About O'Reilly
Bookstores
Contact Us
International
Register Your Book
User Groups
Writing for O'Reilly


Quick SSH Public Key Authentication
While reading "Linux Security Cookbook", Section 6.4 entitled "Authentication by Public Key (OpenSSH Client, SSH2 Server, OpenSSH Key) I realized a huge shortcut to the proceedure outlined in the book, using the power of pipes and redirects.

Contributed by: Ben Lentz
[08/14/03 | Discuss (2) | Link to this hack]

Most systems already have an .ssh folder in everyone's home directory, assuming that ssh has been used before. Generating a key can be done exactly how te book outlines it:

ssh-keygen -t dsa

But copying the public key to the remote system can be done in a single, simple step

cat ~/.ssh/id_dsa.pub | ssh remoteuser@remotehost 'cat - >> ~/.ssh/authorized_keys'

By sending id_dsa.pub to STDOUT on the local machine and piping it to the STDIN of the remote ssh command to be run, 'cat -' (cat STDIN) can be using to pickup this data off the pipe, and send it out to authorized_keys on the remote system.

If you want to maintain the paranoia that the book does with regard to the file and directory permissions, use

ssh remoteuser@remotehost 'chmod 700 ~/.ssh ; chmod 600 ~/.ssh/authorized_keys'

O'Reilly Home | Privacy Policy

© 2007 O'Reilly Media, Inc.
Website: | Customer Service: | Book issues:

All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners.