<div dir="ltr"><div>I figure I should just get out of the way of this conversation and let you talk to Ken. <br><br></div>Chris <br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jan 9, 2013 at 8:43 AM, Frank Shearar <span dir="ltr"><<a href="mailto:frank.shearar@gmail.com" target="_blank">frank.shearar@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 9 January 2013 13:28, Chris Cunnington <<a href="mailto:smalltalktelevision@gmail.com">smalltalktelevision@gmail.com</a>> wrote:<br>
> On 2013-01-09 8:22 AM, Frank Shearar wrote:<br>
>><br>
>> On 9 January 2013 13:16, Chris Cunnington <<a href="mailto:smalltalktelevision@gmail.com">smalltalktelevision@gmail.com</a>><br>
>> wrote:<br>
>>><br>
>>> On 2013-01-09 5:09 AM, Frank Shearar wrote:<br>
>>>><br>
>>>> Hi,<br>
>>>><br>
>>>> I need to somehow get private keys for the angband and norst nodes<br>
>>>> securely onto <a href="http://squeakci.org" target="_blank">squeakci.org</a>. My preference is to use scp, but that<br>
>>>> requires shell access. I don't think that, in general, we want shell<br>
>>>> access for teamjenkins. Ideas on how to proceed?<br>
>>>><br>
>>>> (I want to set up the two nodes to have Jenkins ssh to them, because<br>
>>>> that might be easier than hacking on slaves authenticating to the<br>
>>>> server.)<br>
>>>><br>
>>>> frank<br>
>>><br>
>>> Well, I guess you need to send the keys to a person with shell access.<br>
>>> Ken<br>
>>> is likely the best person for that, as he manages keys all the time.<br>
>>><br>
>>> Chris<br>
>><br>
>> Yes, but that just changes the problem to "how can I pass the keys to<br>
>> Ken in a secure manner?"<br>
>><br>
>> Apparently giving a user the shell "rssh" lets a user do things like<br>
>> move files, rsync and such, but not have generic unfettered shell<br>
>> access.<br>
>><br>
>> frank<br>
><br>
> There is something here I don't understand. A public key I've seen Colin<br>
> post on a message board to be copied. Or you could zip them and send them to<br>
> Ken?<br>
> So, I'm not sure what's required here. Is the key a thing you can send to<br>
> somebody else? If so, then you could send it to Ken?<br>
<br>
</div></div>SSH uses a public/private keypair. The PUBLIC key goes into the<br>
~/.ssh/authorized_keys of the account TO WHICH you want to connect. In<br>
this case, that's the jenkins user on the build slave. The PRIVATE key<br>
is used by the machine FROM WHICH you want to connect.<br>
<br>
Possession of the private key grants permission to log into my build<br>
slave, in other words.<br>
<br>
What I need is a means of securely putting the private key into a<br>
known location on <a href="http://squeakci.org" target="_blank">squeakci.org</a>. Then I can configure the node to use<br>
it when ssh'ing into my build slave (which doesn't permit password<br>
authentication).<br>
<br>
frank<br>
<br>
> Chris<br>
</blockquote></div><br></div>