PHWinfo - Afficher un message - using ssh-keygen to create identical keys

30/10/2006, 19h59

markryde@gmail.com wrote:
> Hello,
> I have 5 clients which are connected to three server; this network is
> for testing and
> it not (AND WILL NOT!) be connected to the internet.
> Now: becuase this is for testing, some machines are dual boot; also
> quite frequently we
> install OS on these machines. Theses machines have flavors of linux,
> and there is also solaris.
> My question is: we do work a lot with ssh.
> If on the client side you run : ssh-keygen -t rsa
> it generates 2 files:
> id_rsa id_rsa.pub
> then if you copy id_rsa.pub to the server renaming it to
> authorized_keys2
> (no need to restart the ssh daemon on the server!), than next time you
> will run ssh from a client to a server than it will connect directly,
> without need for a password.
>
>
> Is there a way that all these clients will have the same key?
> (so that on the server, a certain, common authorized_keys2 file will be
> used, hopefully
> with only one line).
> Or is there some other way to cause all the clients to be able to
> connect without a password
> to all the servers ?
>
> As I said, there is no fear of being attacked from outside as this net
> is isoalted from
> the outer world.
> Regard,
> MR
>

Yes there is a way. You generate the keys on one machine and copy them
to all the others. I would not do it though. I think it's generally a
good practice for each person to have their own keypair.

Also do not copy the public key to authorized_keys2. That overwrites it.
Use authorized_keys (keys2 is obsolete) instead and concatenate the keys
to the file, one line per key. This is how authorized_keys is designed
to work. It holds multiple keys, not just one.

30/10/2006, 19h59	#2
Chuck Messages: n/a Hébergeur:	Re: using ssh-keygen to create identical keys markryde@gmail.com wrote: > Hello, > I have 5 clients which are connected to three server; this network is > for testing and > it not (AND WILL NOT!) be connected to the internet. > Now: becuase this is for testing, some machines are dual boot; also > quite frequently we > install OS on these machines. Theses machines have flavors of linux, > and there is also solaris. > My question is: we do work a lot with ssh. > If on the client side you run : ssh-keygen -t rsa > it generates 2 files: > id_rsa id_rsa.pub > then if you copy id_rsa.pub to the server renaming it to > authorized_keys2 > (no need to restart the ssh daemon on the server!), than next time you > will run ssh from a client to a server than it will connect directly, > without need for a password. > > > Is there a way that all these clients will have the same key? > (so that on the server, a certain, common authorized_keys2 file will be > used, hopefully > with only one line). > Or is there some other way to cause all the clients to be able to > connect without a password > to all the servers ? > > As I said, there is no fear of being attacked from outside as this net > is isoalted from > the outer world. > Regard, > MR > Yes there is a way. You generate the keys on one machine and copy them to all the others. I would not do it though. I think it's generally a good practice for each person to have their own keypair. Also do not copy the public key to authorized_keys2. That overwrites it. Use authorized_keys (keys2 is obsolete) instead and concatenate the keys to the file, one line per key. This is how authorized_keys is designed to work. It holds multiple keys, not just one.