I want to set up SSH keys to automate scp jobs. My current assumption is that "automate" implies SSH keys without a password, but I am open to your suggestions.
I did a lot of Googling before I asked this question. Here is what I found:
- Lots of pages explain how to configure SSH keys without a password
- Very few pages explaining the security implications of SSH keys without a password
Thus, this question is a prime candidate for what Jeff Atwood calls "Making the Internet a Better Place".
For the purpose of this question, imagine this config:
- Source 1 (not controlled by me): user1@host1
- Source 2 (not controlled by me): user2@host2
- Source X/Y/Z (not controlled by me): etc.
- Destination (controlled by me): user3@host3
- Goal: Set up "jobs" (scripts, whatever) to copy files from user1@host1 and user2@host2 (etc.) to user3@host3 using scp
I already know about:
- ssh-keygen to generate SSH keys
- SSH keys can have empty/no password
- ~/.ssh/id_dsa has the private key
- ~/.ssh/id_dsa.pub has the public key
- Copy ~/.ssh/id_dsa.pub into ~/.ssh/authorized_keys and carefully set its file permissions
- Share contents of ~/.ssh/id_dsa.pub with other user/host to use with scp
In my own testing between different hosts/users, I know my setup works.
What troubles me are the security implications. And, I confess that I am not a Linux admin, nor a security expert.
- If I give this public SSH key to another division to use with scp, what if that same key is leaked/lost/stolen to another division?
- Does this imply anyone with access to this public SSH key can use scp against host3 as user3 without a password?
Important assumptions to consider for your responses:
- I do not care about external hackers via the wider Internet. These are Linux boxes on a secure corp network.
- I cannot set up additional user IDs.
I am guessing there is a way to restrict access for a specific SSH key, but I don't know how. Maybe ~/.ssh/authorized_keys options (which I just learned about today)? Is it possible to have multiple SSH keys -- give a different key to each source?
Please advise The Right Way.
user3@host3 can have as many ssh public keys as they like granting access to their account. Some can be password protected, others not.
Each key has a public and private part. The keys will be generated by user1 and user2, the public half will be given to user3. User3 can then add those keys to their authorized_keys file. Whether the key is password protected or not is determined by the private key, not the public one. So if user3 is given a public key by user1, they have no way to tell if it is password protected or not, AFAIK.
You can perform some restrictions from within the authorized_keys file on individual machines as described in the 'authorized_keys : restricting access section' here.
Say for instance you wanted to make sure user1 could only connect from host1 and user2 from host2 you could put in
Then, if the private key is compromised or stolen for either user1 or user2, they are not able to connect in from any other machine.
Not sure how good this is but might be worth you looking into scponly which looks to prevent shell access to users you only want to have scp access for.
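An added example, not part of the original answer: a Python check that user3 could run over ~/.ssh/authorized_keys to see which keys carry the per-host from= restriction described above. The sample entries, placeholder key blobs and function names are assumptions, and the restrict/no-pty check goes one step beyond the from= case in the answer.

```python
import re

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)\S+$")  # first field of an option-less line

def split_outside_quotes(text, seps):
    """Split on any char in seps, ignoring those inside double-quoted values."""
    parts, buf, quoted, prev = [], [], False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            parts, buf = parts + ["".join(buf)], []
        else:
            buf.append(ch)
        prev = ch
    return [p for p in parts + ["".join(buf)] if p]

def parse_entry(line):
    """Return (options dict, key type, comment) for one authorized_keys line."""
    fields, opts = split_outside_quotes(line.strip(), " \t"), {}
    if not KEY_TYPE.match(fields[0]):  # line starts with an options list
        for opt in split_outside_quotes(fields.pop(0), ","):
            name, _, value = opt.partition("=")
            opts[name.lower()] = value.strip('"')
    return opts, fields[0], " ".join(fields[2:])

def audit(text):
    """Map each key's comment field to the restrictions it is missing."""
    report = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, _, comment = parse_entry(line)
        problems = []
        if "from" not in opts:
            problems.append("no from=: key is accepted from any host")
        if not {"restrict", "no-pty"} & opts.keys():
            problems.append("no restrict/no-pty: pty allocation allowed")
        report[comment] = problems
    return report

# Constructed sample for user3@host3; key blobs are placeholders, not real keys.
SAMPLE = '''\
from="host1",no-pty,no-port-forwarding ssh-rsa AAAAB3PLACEHOLDER1 user1@host1
from="host2",restrict ssh-rsa AAAAB3PLACEHOLDER2 user2@host2
ssh-rsa AAAAB3PLACEHOLDER3 userX@hostX'''

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Only the third sample entry is reported: with no options in front of the key type, that key is accepted from any host that holds the private half.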