[Box-Admins] Private keys

Chris Cunnington smalltalktelevision at gmail.com
Wed Jan 9 15:37:58 UTC 2013


I figure I should just get out of the way of this conversation and let you
talk to Ken.

Chris


On Wed, Jan 9, 2013 at 8:43 AM, Frank Shearar <frank.shearar at gmail.com> wrote:

> On 9 January 2013 13:28, Chris Cunnington <smalltalktelevision at gmail.com>
> wrote:
> > On 2013-01-09 8:22 AM, Frank Shearar wrote:
> >>
> >> On 9 January 2013 13:16, Chris Cunnington <smalltalktelevision at gmail.com>
> >> wrote:
> >>>
> >>> On 2013-01-09 5:09 AM, Frank Shearar wrote:
> >>>>
> >>>> Hi,
> >>>>
> >>>> I need to somehow get private keys for the angband and norst nodes
> >>>> securely onto squeakci.org. My preference is to use scp, but that
> >>>> requires shell access. I don't think that, in general, we want shell
> >>>> access for teamjenkins. Ideas on how to proceed?
> >>>>
> >>>> (I want to set up the two nodes to have Jenkins ssh to them, because
> >>>> that might be easier than hacking on slaves authenticating to the
> >>>> server.)
> >>>>
> >>>> frank
> >>>
> >>> Well, I guess you need to send the keys to a person with shell access.
> >>> Ken
> >>> is likely the best person for that, as he manages keys all the time.
> >>>
> >>> Chris
> >>
> >> Yes, but that just changes the problem to "how can I pass the keys to
> >> Ken in a secure manner?"
> >>
> >> Apparently giving a user the shell "rssh" lets a user do things like
> >> move files, rsync and such, but not have generic unfettered shell
> >> access.
> >>
> >> frank
> >
> > There is something here I don't understand. A public key I've seen Colin
> > post on a message board to be copied. Or you could zip them and send them to
> > Ken?
> > So, I'm not sure what's required here. Is the key a thing you can send to
> > somebody else? If so, then you could send it to Ken?
>
> SSH uses a public/private keypair. The PUBLIC key goes into the
> ~/.ssh/authorized_keys of the account TO WHICH you want to connect. In
> this case, that's the jenkins user on the build slave. The PRIVATE key
> is used by the machine FROM WHICH you want to connect.
>
> Possession of the private key grants permission to log into my build
> slave, in other words.
>
> What I need is a means of securely putting the private key into a
> known location on squeakci.org. Then I can configure the node to use
> it when ssh'ing into my build slave (which doesn't permit password
> authentication).
>
> frank
>
> > Chris
>