I figure I should just get out of the way of this conversation and let you talk to Ken.
Chris
On Wed, Jan 9, 2013 at 8:43 AM, Frank Shearar frank.shearar@gmail.com wrote:
On 9 January 2013 13:28, Chris Cunnington smalltalktelevision@gmail.com wrote:
On 2013-01-09 8:22 AM, Frank Shearar wrote:
On 9 January 2013 13:16, Chris Cunnington <smalltalktelevision@gmail.com> wrote:
On 2013-01-09 5:09 AM, Frank Shearar wrote:
Hi,
I need to somehow get private keys for the angband and norst nodes securely onto squeakci.org. My preference is to use scp, but that requires shell access. I don't think that, in general, we want shell access for teamjenkins. Ideas on how to proceed?
(I want to set up the two nodes to have Jenkins ssh to them, because that might be easier than hacking on slaves authenticating to the server.)
frank
Well, I guess you need to send the keys to a person with shell access. Ken is likely the best person for that, as he manages keys all the time.
Chris
Yes, but that just changes the problem to "how can I pass the keys to Ken in a secure manner?"
Apparently giving a user the shell "rssh" lets a user do things like move files, rsync and such, but not have generic unfettered shell access.
frank
There is something here I don't understand. A public key I've seen Colin post on a message board to be copied. Or you could zip them and send them to Ken? So, I'm not sure what's required here. Is the key a thing you can send to somebody else? If so, then you could send it to Ken?
SSH uses a public/private keypair. The PUBLIC key goes into the ~/.ssh/authorized_keys of the account TO WHICH you want to connect. In this case, that's the jenkins user on the build slave. The PRIVATE key is used by the machine FROM WHICH you want to connect.
Possession of the private key grants permission to log into my build slave, in other words.
What I need is a means of securely putting the private key into a known location on squeakci.org. Then I can configure the node to use it when ssh'ing into my build slave (which doesn't permit password authentication).
frank
Chris