tmchow Posted August 2, 2019

I've found all sorts of threads on how to best set up SSH keys and authorized_keys files on each boot, since they are blown away each time. I'm trying to see if there is a single best approach that's recommended now in 2019 that's easy to set up and maintain.

Right now what I'm doing is to have my keys and authorized_keys files in /boot/config/ssh/, and in the /boot/config/go file, I copy the files to ~/.ssh/. I use umask in the bash script as follows to handle the permissioning:

```bash
#!/bin/bash
# umask setup: everything created below is private to root
umask 077

# Variable Setup
CONFIG=/boot/config/ssh
HOME_SSH=/root/.ssh

# Only populate ~/.ssh if it does not exist yet (fresh boot)
if [ ! -d "$HOME_SSH" ]; then
    mkdir "$HOME_SSH"
    cp "$CONFIG/authorized_keys" "$HOME_SSH"
    cp "$CONFIG/known_hosts" "$HOME_SSH"
fi
```

The one flaw in this is that as my server is running 24x7 like most of you, if I ever make changes to my ssh keys, authorized_keys or known_hosts, I have to remember to make changes in /boot/config/ssh then copy the files to ~/.ssh/.

What I was thinking would be better was to, instead of copying them, make symbolic links to my master files in /boot/config/ssh from ~/.ssh/. Then I only ever update one spot.

I read some other threads using the /etc/ssh/ directory with some confusing comments about something that happens on boot where keys are copied from /boot/config/ssh automatically to /etc/ssh. If the keys are present in /etc/ssh and the system uses those automatically, then do I even need keys in ~/.ssh?

Confusing... this is where you all come in. There has got to be a small # of ways that are best in terms of ease to set up, and ease to maintain as keys are changed etc.

naverone Posted August 8, 2019

I'm also interested to know the best way to do this. It's a problem I've been meaning to solve for months! It's just so hard to remember to do it when I almost never reboot my unRAID host. For now I'm stealing your idea unless there is a better way!

tmchow (Author) Posted August 18, 2019

No one has guidance?

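Abzstrak Posted August 20, 2019

This works for the SSH keys by adding to the /boot/config/go file, where foo is the key:

```bash
# Create root's SSH directory (no error if it already exists)
mkdir -p ~/.ssh
# Write the public key; replace foo with the key
echo 'foo' > ~/.ssh/authorized_keys
# Key file private to root; a directory needs the execute bit, so 700 rather than 644
chmod 600 ~/.ssh/authorized_keys && chmod 700 ~/.ssh
```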
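
An added example, not code from any poster in this thread: a re-runnable sync that addresses the "remember to copy" problem from the first post by installing the master files from /boot/config/ssh into ~/.ssh with fixed modes, copying only what changed. The function name `sync_ssh_files` is hypothetical; the default paths are the ones used in the thread.

```shell
#!/bin/bash
# Added example: idempotent sync of SSH files from persistent flash storage
# into the RAM-backed home directory. Prints the number of files updated.

sync_ssh_files() {
    local src="${1:-/boot/config/ssh}" dst="${2:-/root/.ssh}" f changed=0

    [ -d "$src" ] || { echo "missing source dir: $src" >&2; return 1; }

    # Refuse a symlinked target so keys are never written somewhere unexpected.
    if [ -L "$dst" ]; then
        echo "refusing symlinked target: $dst" >&2
        return 1
    fi

    # 700 on the directory and 600 on the files: owner-only, which
    # satisfies sshd's StrictModes check (no group/world write access).
    mkdir -p "$dst" && chmod 700 "$dst" || return 1

    for f in authorized_keys known_hosts; do
        [ -f "$src/$f" ] || continue          # optional file, skip if absent
        if ! cmp -s "$src/$f" "$dst/$f"; then
            # install copies the file and sets its mode in one command,
            # independent of the permissions the source file carries.
            install -m 600 "$src/$f" "$dst/$f" || return 1
            changed=$((changed + 1))
        fi
        chmod 600 "$dst/$f"                   # repair the mode even if content matched
    done
    echo "$changed"
}
```

Sourcing this from /boot/config/go and calling `sync_ssh_files` at boot, then again after editing a master file, keeps /boot/config/ssh as the single place to update.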