(password access) make the hostkey thing less of a problem...

...for the code, not for the admin ;-)

OK that sounds nasty but really it's not that bad.  We're replacing some
code with a one-time step for the admin which is also likely to be more
future-proof.

idea credit: Teemu
This commit is contained in:
Sitaram Chamarty 2011-09-15 21:23:34 +05:30
parent c69c10366d
commit 32417b5b39
2 changed files with 3 additions and 11 deletions

View file

@ -75,11 +75,6 @@ then
# passing the username whose key it is as argument 1. # passing the username whose key it is as argument 1.
cat .ssh/id_rsa.pub | su -l -c "$0 $user" $hosting_user cat .ssh/id_rsa.pub | su -l -c "$0 $user" $hosting_user
# finally, as $user (alice) ssh to the hosting_user once so that the
# hostkey checking gets done and you get the correct hostkey in
# ~user/.ssh/known_hosts
su -c "ssh -o StrictHostKeyChecking=no $hosting_user@localhost info" - $user
exit 0 exit 0
else else

View file

@ -88,12 +88,6 @@ these pesky ssh keys.
expand, setperms, etc.), but considering that an ADC could be called expand, setperms, etc.), but considering that an ADC could be called
*anything*, a general solution is impossible.</font> *anything*, a general solution is impossible.</font>
* If you server's host key changes, you may have to manually fix up all the
host keys in all the user's `~/.ssh/known_hosts` files. Not too difficult
if you're sure they all have just the one host key, but if they have
multiple, you have to carefully delete and replace just the one line that
pertains to localhost. Scripts to do this cleanly are welcome...
<a name="_what_the_2_scripts_actually_do"></a> <a name="_what_the_2_scripts_actually_do"></a>
### what the 2 scripts actually do ### what the 2 scripts actually do
@ -121,6 +115,9 @@ these pesky ssh keys.
Here's how to set this up. First, the **one-time** tasks: Here's how to set this up. First, the **one-time** tasks:
* Do this first, or you'll forget :-) Add the host key for 'localhost' to
`/etc/ssh/ssh_known_hosts`. And if it ever changes, update it.
* Install gitolite as normal, if not already installed. This will require * Install gitolite as normal, if not already installed. This will require
you to use ssh keys for your (admin's) own access, but I assume that's ok. you to use ssh keys for your (admin's) own access, but I assume that's ok.