What's the recommended way in 2019 for setting up ssh keys and authorized hosts on boot?



I've found all sorts of threads on how to best set up SSH keys and authorized_keys files on each boot, since they are blown away each time. I'm trying to see if there is a single best approach that's recommended now in 2019 that's easy to set up and maintain.

Right now what I'm doing is to have my keys and authorized_keys files in /boot/config/ssh/, and in the /boot/config/go file, I copy the files to ~/.ssh/. I use umask in the bash script as follows to handle the permissioning:

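#!/bin/bash

# umask setup: everything created below is owner-only (dirs 700, files 600)
umask 077

# Variable Setup
CONFIG=/boot/config/ssh
HOME_SSH=/root/.ssh

# Only populate ~/.ssh when it does not exist yet (i.e. on a fresh boot)
if [ ! -d "$HOME_SSH" ]; then
    mkdir "$HOME_SSH"
    cp "$CONFIG/authorized_keys" "$HOME_SSH"
    cp "$CONFIG/known_hosts" "$HOME_SSH"
fi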

The one flaw in this is that as my server is running 24x7 like most of you, if I ever make changes to my ssh keys, authorized_keys or known_hosts, I have to remember to make changes in /boot/config/ssh then copy the files to ~/.ssh/.

 

What I was thinking would be better was to, instead of copying them, make symbolic links to my master files in /boot/config/ssh from ~/.ssh/. Then I only ever update one spot.

I read some other threads using the /etc/ssh/ directory with some confusing comments about something that happens on boot where keys are copied from /boot/config/ssh automatically to /etc/ssh. If the keys are present in /etc/ssh and the system uses those automatically, then do I even need keys in ~/.ssh? Confusing...

This is where you all come in. There has got to be a small # of ways that are best in terms of ease of setup and ease of maintenance as keys are changed etc.

Link to comment
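
An added example, not part of the original post: one way to keep the copy approach but remove the manual step, by re-copying from /boot/config/ssh only when a file has changed and forcing modes that satisfy sshd's StrictModes check. The function names are hypothetical, and the script assumes GNU stat and cmp are available.

```shell
#!/bin/bash
# Added example (not from the original post); function names are hypothetical.
# Usage from /boot/config/go, and again by hand or cron after editing a file:
#   sync_ssh_files /boot/config/ssh /root/.ssh

# sync_ssh_files SRC DST
# Copies authorized_keys and known_hosts from SRC to DST when they differ.
# Prints the number of files updated. Runs in a subshell so the umask and
# variables do not leak into the calling script.
sync_ssh_files() (
    src=$1
    dst=$2
    changed=0
    umask 077
    mkdir -p "$dst" || exit 1
    chmod 700 "$dst" || exit 1
    for f in authorized_keys known_hosts; do
        [ -f "$src/$f" ] || continue        # e.g. no known_hosts saved yet
        if ! cmp -s "$src/$f" "$dst/$f" 2>/dev/null; then
            # Copy to a temp name, fix the mode, then rename into place so
            # sshd never reads a half-written or loosely permissioned file.
            cp "$src/$f" "$dst/.$f.tmp" \
                && chmod 600 "$dst/.$f.tmp" \
                && mv -f "$dst/.$f.tmp" "$dst/$f" || exit 1
            changed=$((changed + 1))
        fi
    done
    echo "$changed"
)

# perms_ok FILE
# Succeeds only if FILE is a regular file (not a symlink) with no group or
# other write bits set, the condition StrictModes needs for authorized_keys.
perms_ok() (
    [ -f "$1" ] && [ ! -L "$1" ] || exit 1
    mode=$(stat -c '%a' "$1") || exit 1
    [ $(( 0$mode & 022 )) -eq 0 ]
)
```

Running `perms_ok` against a symlinked file reports failure on purpose: the modes that matter are then those of the link target's filesystem, which the copy approach does not depend on.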