Apple 10.6 Server User Manual
Chapter 4 Enhancing Security 73
The -b ag sets the length of the keys to 1,024-bits, -t indicates to use the RSA hashing
algorithm, -f sets the le name as id_rsa, and -P followed by two single-quote marks
sets the private key password to be null. The null private key password allows for
automated SSH connections.
Keys are equivilant to passwords so you should keep them private and protected.
4 Copy the public key into the authorized key file by entering the following command:
cat id_rsa.pub >> authorized_keys2
5 Change the permissions of the private key by entering the following command:
chmod go-rwx ~/.ssh/id_rsa
Set the permissions on the private key so the file can only be read or changed by the owner.
6 Copy the public key and the authorized key lists to the specified user’s home folder on
the remote computer by entering the following command:
scp authorized_keys2 username@remotemachine:~/.ssh/
To establish two-way communication between servers, repeat this process on the
second computer.
The process must be repeated for each user that needs to open key-based SSH
sessions. The root user is not excluded from this requirement. The home folder for the
root user on Mac OS X Server is located at /var/root/.
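The local half of steps 4 through 6, collected into one script, as an added example that is not part of the Apple manual. It appends the public key to authorized_keys2 only if it is not already there, locks down the private key and the .ssh folder, and verifies the result by reading the permission bits back; the key material, host name and folder path are constructed placeholders so the script runs offline in a temporary directory. The scp step is kept as a function but is not invoked, since it needs a reachable remote host.

```shell
#!/bin/sh
# Added example: local key installation and permission check for key-based SSH.
# Assumptions (not from the manual): constructed key text, a temporary .ssh folder.

# Append the public key in $2 to $1/authorized_keys2 unless that exact line is
# already present, so repeated runs do not leave duplicate entries.
install_pubkey() {
  ssh_dir=$1; pubkey_file=$2
  mkdir -p "$ssh_dir"
  auth="$ssh_dir/authorized_keys2"
  touch "$auth"
  if grep -qxF "$(cat "$pubkey_file")" "$auth"; then
    return 0
  fi
  cat "$pubkey_file" >> "$auth"
}

# Number of times the public key in $2 appears in $1/authorized_keys2 (expect 1).
count_key_entries() {
  grep -cxF "$(cat "$2")" "$1/authorized_keys2"
}

# Remove group/other access from the private key and the .ssh folder (step 5).
lock_private_key() {
  chmod go-rwx "$1"
  chmod 700 "$(dirname "$1")"
}

# Succeed only if the group and other permission fields of $1 are all "-".
# Uses ls so it works the same on Mac OS X and Linux (stat flags differ).
private_key_is_locked() {
  perms=$(ls -ld "$1" | cut -c5-10)
  [ "$perms" = "------" ]
}

# Step 6 equivalent; not run here because it needs a remote host (hypothetical).
push_keys() {
  scp "$1/authorized_keys2" "$2:~/.ssh/"
}

# Offline demo in a temporary folder with constructed (non-functional) key text.
DEMO_DIR=$(mktemp -d)/.ssh
mkdir -p "$DEMO_DIR"
DEMO_KEY="$DEMO_DIR/id_rsa"
DEMO_PUB="$DEMO_DIR/id_rsa.pub"
printf '%s\n' '-----CONSTRUCTED PLACEHOLDER PRIVATE KEY-----' > "$DEMO_KEY"
printf '%s\n' 'ssh-rsa AAAAB3CONSTRUCTEDPLACEHOLDER== root@exampleserver1.example.com' > "$DEMO_PUB"

install_pubkey "$DEMO_DIR" "$DEMO_PUB"
install_pubkey "$DEMO_DIR" "$DEMO_PUB"   # second run must not add a duplicate
lock_private_key "$DEMO_KEY"

if private_key_is_locked "$DEMO_KEY"; then
  echo "private key locked; entries: $(count_key_entries "$DEMO_DIR" "$DEMO_PUB")"
else
  echo "private key is still readable by group/other" >&2
fi
```

Run it as a normal user; the demo never touches your real ~/.ssh. To apply it for real, call the functions with ~/.ssh and the key produced by ssh-keygen, then push_keys with the username@remotemachine target from step 6.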
Key-Based SSH with Scripting Sample
A cluster of servers is an ideal environment for using key-based SSH.
The following Perl script is a trivial scripting example that should not be implemented,
but it demonstrates connecting over an SSH tunnel to all servers defined in the
variable serverList, running softwareupdate, installing available updates, and restarting
the computer if necessary.
The script assumes that key-based SSH was set up for the root user on all servers to be
updated.
#!/usr/bin/perl
# In a double-quoted string, \@ is the escape sequence for the "@" symbol.
my @serverList = ("root\@exampleserver1.example.com",
"root\@exampleserver2.example.com");
foreach my $server (@serverList) {
# batchmode=yes makes ssh fail instead of prompting if key-based login is not set up.
open SBUFF, "ssh $server -x -o batchmode=yes 'softwareupdate -i -a' |";
while(<SBUFF>) {
my $flag = 0;
chomp($_);
# check for restart text in $_
my $match = "Please restart immediately";