Spaces:
Runtime error
Runtime error
| PORT=22003 | |
| MACHINE=paffenroth-23.dyn.wpi.edu | |
| # Clean up from previous runs | |
| # ssh-keygen -f "/home/rcpaffenroth/.ssh/known_hosts" -R "[${MACHINE}]:${PORT} | |
| # login using student-admin key | |
| ssh -i student_admin -p ${PORT} student-admin@${MACHINE} | |
| #copy the key to the tmp directory | |
| #possibly have to rm known_hosts in ssh at some point to prevent an error | |
| # move directories | |
| #cd .ssh | |
| # open the authorized_keys file | |
| less authorized_keys | |
| # add our key to the authorized_keys file | |
| cat my_key2.pub > authorized_keys | |
| #change permissions on the keys | |
| chmod 600 authorized_keys | |
| echo "checking that the authorized_keys file is correct" | |
| ls -l authorized_keys | |
| cat authorized_keys | |
| #WANT TO PUT A CHECK ON THE PERMISSIONS | |
| #NOTES FROM RANDY'S DEMO: | |
| <<comment1 (this starts a block comment) | |
| this block removes the old key (known-hosts) from the old machine | |
| also it's called item potency and he thinks this should go at the botom (how this works without wiping the vm so we can't login I don't know) | |
| ssh-keygen -f "/home/rcpaffenroth/.ssh/known_hosts" -R "[paffenroth-23.dyn.wpi.edu]:21003" | |
| rm -rf tmp | |
| constructing an authorized keys file locally and then checking it before copying it over | |
| cat > says take this and erase it if it exists and then create it and add the file | |
| cat >> says don't erase it just append this thing to it | |
| the >> is for testing so that the other key will be in there and you don't brick your machine, but for the actual thing you want to use > | |
| randy says we should put a pause in this, but I don't know how we check it if not just visually? and this is supposed to be automated? | |
| he says put a "do you mean this you crazy person?" | |
| echo "checking that the authorized_keys file is correct" | |
| ls -l authorized_keys | |
| cat authorized_keys | |
| this line copies the authorized_keys file | |
| he says it is not item potent and can't be rerun again? | |
| scp -i student-admin_key -P ${PORT} -o StrictHostKeyChecking=no authorized_keys student-admin@${MACHINE}:~/.ssh/ | |
| ohhhhh so this block makes it so that you don't have to type the password for the key more than once | |
| you type it once and it adds the key to a database, that's why we're adding the private key | |
| # Add the key to the ssh-agent | |
| eval "$(ssh-agent -s)" | |
| ssh-add mykey | |
| he says this is dumb because it only checks it if it's right | |
| # Check the key file on the server | |
| echo "checking that the authorized_keys file is correct" | |
| ssh -p ${PORT} -o StrictHostKeyChecking=no student-admin@${MACHINE} "cat ~/.ssh/authorized_keys" | |
| Remaining Questions: | |
| 1. Why does he bother copying over the student-admin key to the new directory and changing the permissions? | |
| 2. How does the password thing really work here? Same thing with the pause - | |
| if it's supposed to be completely automated where if the server goes down at 2 am we can get it back up, | |
| then doesn't this require human intervention to type in the password or approve the authorized_keys? | |
| 3. If we put the cleanup line at the end, it must just delete known_users, which is fine because we already know it works with that deleted? | |
| comment1 (this ends the block comment) | |