useradd -g group_name nyeates
passwd nyeates
su - nyeates
mkdir -p $HOME/.ssh && chmod 700 $HOME/.ssh
cd $HOME/.ssh
nano authorized_keys    # paste public key in this file
# /etc/ssh/sshd_config is the important file for ssh settings
This explains how to set up SSH key authentication to remote Unix servers. With it you can SSH into a shell without having to remember the password. The remote server has your public key, and your local machine has the matching private key. The remote server verifies you by checking that you hold the private key matching the public key it has; the private key stays secret on your machine.
ssh-keygen -t rsa -b 4096    # 1024-bit RSA keys are too weak for current use
cat ~/.ssh/*.pub
scp ~/.ssh/id_rsa.pub remoteuser@remotehost:~/
ssh remoteuser@remotehost
cat id_rsa.pub >> ~/.ssh/authorized_keys
rm id_rsa.pub
exit
ssh remoteuser@remotehost    # no password needed now!
nano authorized_keys
Howto also located at: http://www.debuntu.org/ssh-key-based-authentication
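A check that fits the key setup above, added here as an example and not part of the original notes: it parses authorized_keys entries and reports RSA keys whose modulus is smaller than a threshold, such as 1024-bit keys. The 2048-bit threshold, the function names and the sample entries (fake moduli, not usable keys) are assumptions of this example.

```python
import base64

MIN_RSA_BITS = 2048  # assumed policy threshold, not a value from the page

def _field(data):
    """Encode one SSH wire-format string: 4-byte big-endian length + bytes."""
    return len(data).to_bytes(4, "big") + data

def _read_field(blob, off):
    """Decode one length-prefixed field; return (bytes, next_offset)."""
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated blob")
    return blob[off + 4:end], end

def rsa_bits(b64_blob):
    """Modulus size in bits of an ssh-rsa public key blob."""
    blob = base64.b64decode(b64_blob, validate=True)
    key_type, off = _read_field(blob, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("not an ssh-rsa blob")
    _exponent, off = _read_field(blob, off)
    modulus, _ = _read_field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def audit(text, min_bits=MIN_RSA_BITS):
    """Return [(line_no, bits, comment)] for RSA entries below min_bits."""
    weak = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#") or "ssh-rsa" not in fields[:-1]:
            continue  # blank line, comment, or not an RSA entry
        i = fields.index("ssh-rsa")  # an options field may precede the key type
        try:
            bits = rsa_bits(fields[i + 1])
        except ValueError:  # bad base64 or truncated blob
            continue
        if bits < min_bits:
            weak.append((line_no, bits, " ".join(fields[i + 2:])))
    return weak

def sample_line(bits, comment):
    """CONSTRUCTED entry with a fake modulus of the given size (not a real key)."""
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")  # leading 0x00
    blob = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE = "\n".join(["# constructed sample", sample_line(1024, "old-laptop"),
                    "no-pty " + sample_line(4096, "new-laptop")])
```

To run it against a real file, pass the file's contents to audit(), for example audit(open("/home/nyeates/.ssh/authorized_keys").read()).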
The following allows the shortcut ssh lms to be used.
In your ~/.ssh/ directory, create or edit the config file:
Host lms*
    User admin
    KeepAlive yes
    Hostname lms.yeates.com
    IdentityFile ~/awsnickkey.pem
ssh -R 5501:localhost:22 customer@bastion.host.com
ssh nyeates@bastion.host.com
ssh -v -p 5501 remoteuser@localhost
OR
ssh -v -p 5501 '-L*:23502:localhost:80' remoteuser@localhost
http://bastion.host.com:23502/
Edit /etc/sudoers as root and add the following line:
nyeates ALL=(zenoss) NOPASSWD: ALL
It allows the nyeates user to run any command as user zenoss, without a password prompt.