[Box-Admins] Private keys

Frank Shearar frank.shearar at gmail.com
Wed Jan 9 13:43:09 UTC 2013


On 9 January 2013 13:28, Chris Cunnington <smalltalktelevision at gmail.com> wrote:
> On 2013-01-09 8:22 AM, Frank Shearar wrote:
>>
>> On 9 January 2013 13:16, Chris Cunnington <smalltalktelevision at gmail.com>
>> wrote:
>>>
>>> On 2013-01-09 5:09 AM, Frank Shearar wrote:
>>>>
>>>> Hi,
>>>>
>>>> I need to somehow get private keys for the angband and norst nodes
>>>> securely onto squeakci.org. My preference is to use scp, but that
>>>> requires shell access. I don't think that, in general, we want shell
>>>> access for teamjenkins. Ideas on how to proceed?
>>>>
>>>> (I want to set up the two nodes to have Jenkins ssh to them, because
>>>> that might be easier than hacking on slaves authenticating to the
>>>> server.)
>>>>
>>>> frank
>>>
>>> Well, I guess you need to send the keys to a person with shell access.
>>> Ken
>>> is likely the best person for that, as he manages keys all the time.
>>>
>>> Chris
>>
>> Yes, but that just changes the problem to "how can I pass the keys to
>> Ken in a secure manner?"
>>
>> Apparently giving a user the shell "rssh" lets a user do things like
>> move files, rsync and such, but not have generic unfettered shell
>> access.
>>
>> frank
>
> There is something here I don't understand. A public key I've seen Colin
> post on a message board to be copied. Or you could zip them and send them to
> Ken?
> So, I'm not sure what's required here. Is the key a thing you can send to
> somebody else? If so, then you could send it to Ken?

SSH uses a public/private keypair. The PUBLIC key goes into the
~/.ssh/authorized_keys of the account TO WHICH you want to connect. In
this case, that's the jenkins user on the build slave. The PRIVATE key
is used by the machine FROM WHICH you want to connect.

Possession of the private key grants permission to log into my build
slave, in other words.

What I need is a means of securely putting the private key into a
known location on squeakci.org. Then I can configure the node to use
it when ssh'ing into my build slave (which doesn't permit password
authentication).

frank

> Chris
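
The key placement Frank describes above, as an added example that is not part of the original thread: one check for the private key on the connecting host and one for `authorized_keys` on the target account. The function names and the sample key (32 constructed bytes, not a real key) are assumptions made for illustration.

```python
import base64, hashlib, os, stat, struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def fingerprint(blob):
    """OpenSSH-style SHA256 fingerprint of a decoded public key blob."""
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return "SHA256:" + digest.rstrip("=")

def parse_authorized_keys(text):
    """Return [(type, fingerprint, comment)]; leading options are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        idx = next((i for i, f in enumerate(fields) if f in KEY_TYPES), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        try:
            blob = base64.b64decode(fields[idx + 1], validate=True)
        except ValueError:
            continue
        # The blob carries its own length-prefixed type name; it must agree.
        n = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
        if blob[4:4 + n] != fields[idx].encode():
            continue
        entries.append((fields[idx], fingerprint(blob), " ".join(fields[idx + 2:])))
    return entries

def check_private_key(path):
    """Run on the connecting host: the private key must be owner-only."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return ["private key accessible to group/other"] if mode & 0o077 else []

def check_authorized_keys(path, expected_fp):
    """Run on the target account: file not group/other-writable, key present."""
    findings = []
    if stat.S_IMODE(os.stat(path).st_mode) & 0o022:
        findings.append("authorized_keys writable by group/other")
    with open(path) as fh:
        if expected_fp not in [fp for _, fp, _ in parse_authorized_keys(fh.read())]:
            findings.append("expected public key is not authorized")
    return findings

def sample_entry(raw=bytes(range(32)), comment="constructed-example"):
    """Build a CONSTRUCTED ssh-ed25519 line (not a real key) and its blob."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 %s %s" % (base64.b64encode(blob).decode(), comment), blob
```

Comparing fingerprints lets the two ends confirm they hold halves of the same keypair without the private key itself being shown to anyone.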

