Hi,

I need to create a script that automatically sets up an SSH tunnel. I think that a dedicated SSH key without a password is a good start, but I couldn't find out whether this is possible and how to do it. This key should have limited privileges (only set the tunnel up), but I need another private key (with a password) for myself.

Thanks!

+1  A: 

Try the `ssh-keygen` command.

Mihai Limbășan
Don't forget the -f option or this will overwrite the old private key
ascobol
A: 

This is a good tutorial on how to set up basic public key authentication.

matt b
+4  A: 

Ok, I've found the answer.

First, `ssh-keygen -f theNewPrivateKey`, otherwise it will overwrite the old private key. Second, `ssh -i theNewPrivateKey me@mycomputer`: the `-i` option changes the private key used for authentication.

Now I can try my script.


Edit: how my new key has limited privileges:

When copying the public key to the $HOME/.ssh/authorized_keys2 file of the target computer, I added this:

command="sleep 99999999999" ssh-dss AAAAB3NzaC1kc3MA...
(+ the rest of the key)

Then the only command allowed is to wait forever. Since the purpose of creating this key was to create a reverse ssh tunnel this should be fine. I then create the tunnel:

ssh -T -R 7878:localhost:22 -i .ssh/mynewkey me@myhomecomputer

Finally I can log in from my home computer:

ssh myworklogin@localhost -p7878

I hope that this does not have security issues. If this is a bad thing, please let me know!

ascobol
How would that new key "have limited privileges"?
innaM
Because it can do only one thing, `sleep`.
Keltia
Thanks for clarifying this.
innaM
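
An added example, not part of the original thread: a small Python audit of the options field of an `authorized_keys` line, run on the entry from the accepted answer and on a constructed tighter variant, to show what a forced `command=` alone still leaves enabled. The `restrict`, `permitlisten` and `permitopen` options assume a recent OpenSSH (`restrict` needs 7.2+, `permitlisten` 7.8+); the function names, the placeholder key blobs and the `localhost:1` target are assumptions made for illustration.

```python
import re

# One option: a bare flag, or name="value" (value may hold commas, spaces, \" escapes).
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?')
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")
# feature -> (option that re-enables it under "restrict", option that disables it)
FEATURES = {
    "pty allocation": ("pty", "no-pty"),
    "agent forwarding": ("agent-forwarding", "no-agent-forwarding"),
    "X11 forwarding": ("x11-forwarding", "no-x11-forwarding"),
    "~/.ssh/rc execution": ("user-rc", "no-user-rc"),
    "port forwarding": ("port-forwarding", "no-port-forwarding"),
}

def parse_options(line):
    """Return the options of one authorized_keys line as a dict (flags map to None)."""
    line = line.strip()
    opts, i = {}, 0
    if not line.startswith(KEY_PREFIXES):          # an options field comes first
        while i < len(line) and not line[i].isspace():
            m = OPTION.match(line, i)
            if not m:
                raise ValueError("malformed options field at column %d" % i)
            opts[m.group(1).lower()] = m.group(2)  # keywords are case-insensitive
            i = m.end()
            if line[i:i + 1] == ",":
                i += 1
    return opts

def audit(line):
    """List what the key may still do beyond its intended tunnel."""
    opts = parse_options(line)
    restricted = "restrict" in opts
    allowed = {name for name, (on, off) in FEATURES.items()
               if (on in opts if restricted else off not in opts)}
    findings = sorted(f"{name} allowed" for name in allowed - {"port forwarding"})
    if "command" not in opts:
        findings.append("no forced command: key gets a shell")
    if "port forwarding" in allowed:
        if "permitlisten" not in opts:
            findings.append("-R may listen on any port")
        if "permitopen" not in opts:
            findings.append("-L may connect to any host:port")
    return findings

# Constructed samples; the key blobs are placeholders, not real keys.
PAGE_ENTRY = 'command="sleep 99999999999" ssh-dss AAAAPLACEHOLDER'
HARDENED = ('restrict,port-forwarding,permitlisten="localhost:7878",'
            'permitopen="localhost:1",command="sleep 99999999999" '
            'ssh-ed25519 AAAAPLACEHOLDER tunnel-only')
```

`audit(PAGE_ENTRY)` reports six findings, including unrestricted `-L` forwarding from the home computer, while `audit(HARDENED)` returns an empty list.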