ssh-keyinstall

ssh-keyinstall is a script that helps an ssh user set up the keys at both ends of an ssh connection. It creates an RSA or DSA key if needed and copies the public half to the server. Once the process is done, you'll be able to log in with the passphrase and key instead of a password.

Recent releases

  •  10 Dec 2002 19:13

    Release Notes: Users can force the remote server type with a command line. There are bugfixes, better server identification, and notes about how to use it in Cygwin.

  •  28 Mar 2002 20:33

    Release Notes: Another new ssh server signature.

  •  28 Mar 2002 06:16

    Release Notes: This release is updated with a new SSH version signature.

  •  17 Sep 2001 05:47

    Release Notes: Minor improvements and cosmetic changes have been made.

  •  16 Apr 2001 05:47

    No changes have been submitted for this release.

Recent comments

            23 Jun 2008 11:31 nicc777

            Thanks
            Big thanks for a tool that just works :-)

            25 Feb 2004 13:34 billw1955

            patch to make chmod of local and remote home dir optional, default off
            Ssh-keyinstall changes the permissions of the home directories of both the local user and the remote user to 700. In one case, this can be disastrous.

            The problem case is the default Solaris configuration - the home directory of user root is /. Running ssh-keyinstall with root/Solaris on either or both sides results in services stopping and all other users being locked out of the machine(s).

            The following patch makes the chmod optional and off by default. To force chmod of both remote and local directories to 700, use -m.

            --- /usr/bin/ssh-keyinstall 2002-09-10 16:12:17.000000000 -0400
            +++ ssh-keyinstall 2004-02-25 16:07:58.000000000 -0500
            @@ -154,6 +154,7 @@
            wrap '-h shows this help.' >&2
            wrap '-v runs verbosely.' >&2
            wrap '-t forces the remote server type to OPENSSH, COMSSH1 (commercial ssh 1), or COMSSH2. Use this if the autodetect fails.' >&2
            + wrap '-m forces old behavior of chmod both local and remote directories to 700. Default now is to leave permissions alone.' >&2
            exit 1
            }
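
Review bot: the new -m help line says "chmod both local and remote directories" where the home directories are meant, and it does not say that ~/.ssh and ~/.ssh2 are still set to 700 whether or not -m is given (the later hunks keep those chmods unconditional). Suggest wording it as "-m also sets the local and remote home directories to 700; the key directories are always set to 700".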

            @@ -163,7 +164,7 @@
            showhelp
            fi

            -unset REMOTECOMMAND REMPORT SERVERNAME REMUSERNAME VERBOSE
            +unset REMOTECOMMAND REMPORT SERVERNAME REMUSERNAME VERBOSE MODHOMEDIR
            while [ -n "$1" ]; do
            case $1 in
            -c|--remote-command)
            @@ -202,6 +203,10 @@
            exit 1
            fi
            ;;
            + -m|--mod-home-dir)
            + MODHOMEDIR='DOIT'
            + shift 1
            + ;;
            -t|--server-type)
            if [ -n "$2" ]; then
            case "$2" in
            @@ -403,7 +408,7 @@
            fi

            mkdir -p ~/.ssh ~/.ssh2 #We may not need both, but feel free to bill me for the lost 4K.
            - chmod 700 ~ ~/.ssh ~/.ssh2
            + chmod 700 ${MODHOMEDIR:+~} ~/.ssh ~/.ssh2

            case $CLIENTTYPE in
            OPENSSH)
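
Review bot: in the changed chmod line, ${MODHOMEDIR:+~} is unquoted and depends on the shell tilde-expanding the word inside the parameter expansion, which is easy to misread and easy to break in a later edit. An explicit test reads plainly and does the same thing: if [ -n "$MODHOMEDIR" ]; then chmod 700 ~; fi, followed by an unconditional chmod 700 ~/.ssh ~/.ssh2. The same applies to the identical construct in the ssh1 section further down.
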
            @@ -484,7 +489,7 @@
            #being forced, the commands we're spcecifying won't be run. Do for all server sections.
            # PASSONLY='-o "RSAAuthentication no" -o "PubkeyAuthentication no"' perhaps? good for openssh 2 client.
            #FIXME set PASSONLY in each of the client tests above and user below.
            - $SSHCommand ${REMUSERNAME}@${SERVERNAME} 'chmod 700 ~ ; mkdir -p ~/.ssh ; chmod 700 ~/.ssh ; rm -f ~/.ssh/newpubkey ~/.ssh/authorized_keys2.temp ; [ -f ~/.ssh/authorized_keys2 ] && cat ~/.ssh/authorized_keys2 >~/.ssh/authorized_keys2.temp'
            + $SSHCommand ${REMUSERNAME}@${SERVERNAME} "${MODHOMEDIR:+chmod 700 ~ ;} mkdir -p ~/.ssh ; chmod 700 ~/.ssh ; rm -f ~/.ssh/newpubkey ~/.ssh/authorized_keys2.temp ; [ -f ~/.ssh/authorized_keys2 ] && cat ~/.ssh/authorized_keys2 >~/.ssh/authorized_keys2.temp"
            if [ -n "$REMOTECOMMAND" ]; then
            $SSHCommand ${REMUSERNAME}@${SERVERNAME} "echo -n command=\\\"$REMOTECOMMAND\\\" ' ' >>~/.ssh/authorized_keys2.temp"
            fi
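
Review bot: with chmod 700 ~ now skipped unless -m is given, nothing in this remote command looks at the home directory's permissions at all. sshd with StrictModes enabled (the OpenSSH default) ignores the authorized keys file when the home directory is group- or world-writable, so a user in that state would complete the install and still be asked for a password. Suggest testing ~ for group/other write when MODHOMEDIR is empty and printing a warning, or removing only those bits with chmod go-w ~, instead of doing nothing.
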
            @@ -506,7 +511,7 @@
            wrap You will be asked to enter your remote password for each of the following commands. If you disagree with a particular command, or simply wish to perform it yourself, enter an incorrect password.
            REMKEYNAME=${SSH2DSAPUBKEY##*/}
            set -x
            - $SSHCommand ${REMUSERNAME}@${SERVERNAME} 'chmod 700 ~ ; mkdir -p ~/.ssh2 ; chmod 700 ~/.ssh2'
            + $SSHCommand ${REMUSERNAME}@${SERVERNAME} "${MODHOMEDIR:+chmod 700 ~ ;} mkdir -p ~/.ssh2 ; chmod 700 ~/.ssh2"
            set +x
            wrap I need to check if the remote key name is already in use.
            set -x
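
Review bot: the remote command string changes from single to double quotes so that ${MODHOMEDIR:+chmod 700 ~ ;} can expand, which means the whole string now passes through the local shell's expansion before ssh sends it; the same switch is made in the other two remote commands. Nothing else in these strings contains $ or backquotes today, but a later edit that adds a remote-side variable would have it expanded locally, and it is worth confirming that the ~ inside the expansion reaches the remote shell unexpanded in every shell the script supports. Building the optional prefix in its own variable and leaving the rest single-quoted avoids both questions.
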
            @@ -547,7 +552,7 @@
            exit 1
            fi
            mkdir -p ~/.ssh
            - chmod 700 ~ ~/.ssh
            + chmod 700 ${MODHOMEDIR:+~} ~/.ssh
            if [ -f ~/.ssh/identity ] && [ -f ~/.ssh/identity.pub ]; then
            debug Existing identity and identity.pub files, using those.
            PRIVATEKEY=~/.ssh/identity #Don't quote the tilde's; they need to be expanded by the shell
            @@ -603,7 +608,7 @@
            #FIXME - temp auth file
            wrap You will be asked to enter your remote password for each of the following commands. If you disagree with a particular command, or simply wish to perform it yourself, enter an incorrect password.
            set -x
            - $SSHCommand ${REMUSERNAME}@${SERVERNAME} 'chmod 700 ~ ; mkdir -p ~/.ssh ; chmod 700 ~/.ssh ; rm -f ~/.ssh/newpubkey'
            + $SSHCommand ${REMUSERNAME}@${SERVERNAME} "${MODHOMEDIR:+chmod 700 ~ ;} mkdir -p ~/.ssh ; chmod 700 ~/.ssh ; rm -f ~/.ssh/newpubkey"
            $SCPCommand $SSH1PUBKEY ${REMUSERNAME}@${SERVERNAME}:.ssh/newpubkey
            if [ -n "$REMOTECOMMAND" ]; then
            $SSHCommand ${REMUSERNAME}@${SERVERNAME} "echo -n command=\\\"$REMOTECOMMAND\\\" ' ' >>~/.ssh/authorized_keys" ' ; cat ~/.ssh/newpubkey >>~/.ssh/authorized_keys ; chmod 600 ~/.ssh/authorized_keys ; rm -f ~/.ssh/newpubkey'
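
The failure described in this comment comes from forcing mode 700 on whatever ~ resolves to. As an added example (not part of ssh-keyinstall or of the patch above), the shell helper below leaves / alone and otherwise removes only group/other write permission, which is the condition sshd's StrictModes checks on a home directory. The function names home_mode_action and tighten_home are hypothetical.

```shell
#!/bin/sh
# Added example; not code from ssh-keyinstall or from the patch in the comment.
# home_mode_action and tighten_home are hypothetical helper names.

# Print what a key-install script should do with home directory $1:
#   skip-root  it resolves to / (root on a default Solaris box): never chmod it
#   tighten    group- or world-writable: sshd StrictModes would refuse the key
#   ok         already acceptable, leave it alone
#   missing    the directory cannot be entered (returns 1)
home_mode_action() {
    dir=$1
    real=$(cd "$dir" 2>/dev/null && pwd -P) || { echo missing; return 1; }
    if [ "$real" = "/" ]; then
        echo skip-root
        return 0
    fi
    # The first field of ls -ld is the mode string, e.g. drwxrwxr-x.
    # Character 6 is group write, character 9 is other write.
    mode=$(ls -ld "$real" | cut -c1-10)
    case $mode in
        ?????w*|????????w*) echo tighten ;;
        *)                  echo ok ;;
    esac
}

# Remove only the group/other write bits instead of forcing 700, so a home
# directory that is deliberately readable by others keeps working.
# Prints the action that was decided on.
tighten_home() {
    dir=$1
    action=$(home_mode_action "$dir") || return 1
    if [ "$action" = "tighten" ]; then
        chmod go-w "$dir" || return 1
    fi
    echo "$action"
}
```

Calling tighten_home "$HOME" before installing the key gives the StrictModes-relevant result without ever changing the mode of /.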

            16 Apr 2001 08:58 wstearns

            Re: Useful?

            > #!/bin/sh
            >
            > ssh-keygen
            > scp ~/.ssh/identity.pub $1:~/.ssh/authorized_keys
            >
            > Hmm, worth it.


            For ssh1, that's just about it. What about ssh2? The soup of filenames and key conversions gets a lot uglier with the different flavors of ssh2.

            - Bill

            16 Apr 2001 08:21 blob

            Useful?
            #!/bin/sh

            ssh-keygen

            scp ~/.ssh/identity.pub $1:~/.ssh/authorized_keys

            Hmm, worth it.
