cloud consciousness

ssh-import-id gaining some steam

My Google Alerts and IRC highlights have been firing almost daily with references to ssh-import-id, a handy utility I co-authored with my buddy Scott Moser a couple of years ago.

That's quite exciting to me actually, as I find the tool really, really useful, and I wish more people knew about it.  I tried in vain to contribute it to the OpenSSH project, as a complement to ssh-copy-id, but it never landed there.  Oh well.  There's rarely a day that goes by that I don't use it, actually.  I frequently use virtual machines in public clouds;  usually EC2 but not exclusively.  I often want to share that machine with a colleague. Rather than sharing a password, I simply:

script
And now, I just share the hostname or IP with Eddie and Sergio and they can SSH into this machine and authenticate using their SSH keypair.

Reviewing what actually happened...
  1. ssh-import-id looped over each of the arguments on the command line, which are typically Launchpad user IDs
  2. Fetched each user's public keys from https://launchpad.net/~/+sshkeys
  3. Validated each key's syntax
  4. And concatenated the results to the local ~/.ssh/authorized_keys file
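
Steps 3 and 4, sketched as an added example (not ssh-import-id's own code): each fetched line is accepted only if its base64 blob decodes and names the same key type as the line's first field, then appended if not already present. The function names, the accepted key-type list and the sample key are assumptions constructed for illustration.

```python
import base64
import struct

# Key types accepted by this sketch (an assumption; not ssh-import-id's own list).
KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}


def is_valid_pubkey_line(line):
    """Check '<type> <base64-blob> [comment]' and that the blob names the same type."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        return False
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return False
    if len(blob) < 4:
        return False
    (name_len,) = struct.unpack(">I", blob[:4])
    # The blob starts with a length-prefixed copy of the key type (RFC 4253 encoding).
    return blob[4:4 + name_len] == fields[0].encode() and len(blob) > 4 + name_len


def merge_keys(existing, fetched):
    """Return authorized_keys text with each valid, not-yet-present fetched key appended."""
    lines = existing.splitlines()
    present = {tuple(l.split()[:2]) for l in lines if l.strip() and not l.startswith("#")}
    for line in fetched.splitlines():
        ident = tuple(line.split()[:2])
        if is_valid_pubkey_line(line) and ident not in present:
            lines.append(line.strip())
            present.add(ident)
    return "\n".join(lines) + "\n"


def make_sample_key(comment):
    """Build a syntactically valid ssh-ed25519 line from constructed bytes (not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(range(32))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment


if __name__ == "__main__":
    # Constructed response body: one good key, an HTML error line, a mismatched type.
    good = make_sample_key("colleague@example")
    bad_type = good.replace("ssh-ed25519 ", "ssh-rsa ", 1)
    fetched = "\n".join([good, "<html>Not Found</html>", bad_type])
    print(merge_keys("", fetched), end="")
```

Rejecting anything that fails the check matters because an error page or truncated response written into authorized_keys would otherwise go unnoticed until a login fails.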
The methodology is secure in that:
  • I know what each of my colleagues' Launchpad IDs is, and that's easier to remember than their SSH fingerprints
  • I know that they had to authenticate with Launchpad to upload their SSH public keys
  • I know that the communication between my system and Launchpad was authenticated and private as it used https with a valid SSL certificate
Note that I've uploaded a couple of minor fixes to ssh-import-id in the last 2 weeks that more accurately validate the contents of the public keys retrieved from Launchpad (thanks, Soren, for one of those).

You can always grab the latest version from ppa:launchpad/ssh-import-id, though perhaps I should SRU some of these changes to Lucid/Natty/Oneiric.  Anyone willing to test and validate those SRUs, if I propose and upload them?

Cheers,
:-Dustin
