[mythtv-users] Mythbuntu SSH key management
Dave Day
david.scott.day at gmail.com
Thu Apr 28 15:07:25 UTC 2016
Hi Jay!
On Wed, 27 Apr 2016, Jay Foster wrote:
> On 4/26/2016 7:07 PM, Dave Day wrote:
> >I am a long time Mythtv user from Gentoo land, but I am
> >older now and have just recently switched all my machines
> >to Ubuntu (all but one Mythbuntu) to ease the burdens of
> >administration so I can enjoy my retirement in relative peace.
> >
> >Mostly this has gone quite well and I am thrilled to have today
> >gotten my last Liva ECS front end up and running in about an hour
> >and a half.
> >
> >So now that MythTV is humming along, I am turning my attention to
> >syncing and backing up the local customizations I make to
> >make my system admin life easier.
> >
> >I am in the habit of having a powerful laptop near by in my comfy
> >chair and being able to visit each machine via ssh, using keychain
> >to give me pretty much password free access to all my machines.
> >
> >However keychain does not seem to work on Mythbuntu for a reason
> >I have not yet come to fathom.
> >
> >I notice that gnome-keyring-daemon is active however and wonder if
> >there is a conflict between it and keychain.
> >
> >Ideally I would like for the ssh-agent/keychain arrangement I am used
> >to to work, but I could also try and adapt to the gnome-keychain-daemon
> >way of doing things if that would live more peacefully.
> >
> >But in my quick tour of google search results I see that gnome-keyring
> >is perhaps being phased out in favor of something called Seahorse.
> >
> >So, who is managing password free ssh logins among their various machines,
> >and can I hope to continue using keychain, or do you recommend
> >gnome-keyring-daemon, and if so, where do I start?
> >
> >Thanks,
> >Dave Day
> >_______________________________________________
> >mythtv-users mailing list
> >mythtv-users at mythtv.org
> >http://lists.mythtv.org/mailman/listinfo/mythtv-users
> >http://wiki.mythtv.org/Mailing_List_etiquette
> >MythTV Forums: https://forum.mythtv.org
> >
> If what you are looking for is password free access to your machines via ssh
> (and friends), then you could simply set up a pair of keys for ssh on each
> machine. There are many how to's on the internet, such as
> http://www.linuxproblem.org/art_9.html, http://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-login-without-password-using-ssh-keygen-ssh-copy-id/,
> etc.
>
> I do this often, as it allows other applications that use ssh (rsync,
> rdiff-backup) to be run from scripts.
>
> Jay
> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
> http://lists.mythtv.org/mailman/listinfo/mythtv-users
> http://wiki.mythtv.org/Mailing_List_etiquette
> MythTV Forums: https://forum.mythtv.org
Jay,
Thanks for your suggestion.
It turns out I caused the problem. I have long kept a USB Stick
with various utilities on it I could use remotely to get back into
my home network while away. One of these was a ${HOME}/.ssh directory
with my keys etc.
For convenience sake, I used that copies of that directory to set
up my initial ${HOME}/.ssh/ directories on my new ECS Livas.
I used that directory to seed the first machine and then used ssh-copy-id
to propagate the keys. Unfortunately ssh-copy-id either added or subtracted
a newline at the end of the key (don't remember which) so authorized_keys
in those machines was off by that one byte!
Easy to fix, hard to find.
Dave
More information about the mythtv-users
mailing list