Koozali.org: home of the SME Server

[Script] Generating SSH keys for root

cool34000
[Script] Generating SSH keys for root
« on: August 03, 2008, 09:46:09 AM »
Here's a little script to generate secured SSH keys for ROOT user on your SME... A quick and easy way to get started!

Code:
# wget "http://mirror.contribs.org/contribs/sgomez/scripts/ssh/SSH.sh"
# sh SSH.sh
Follow screen instructions!

The client-side key will be sent by email to the admin with the instructions needed to start.
Creating a strong passphrase is highly recommended... The full version of PuTTY is needed to translate the key file to PuTTY format under Windows...
Be careful, authentication with passwords is disabled once the key is generated! (You can still re-enable it in the server-manager if something goes wrong...)


PS: how to avoid RkHunter's daily warning if ROOT has SSH access?
Edit /etc/rkhunter.conf (no template for rkhunter!)
And change:
Code:
ALLOW_SSH_ROOT_USER=no
to
Code:
ALLOW_SSH_ROOT_USER=yes

soprom
Re: [Script] Generating SSH keys for root
« Reply #1 on: August 06, 2008, 06:51:15 PM »
Thanks! Very useful!
Sophie from Montréal

Paspv
Re: [Script] Generating SSH keys for root
« Reply #2 on: August 06, 2008, 08:45:33 PM »
Thanks for the script! I have downloaded it and run it and I got the following message:

: command not found
: command not found
'SH.sh: line 5: syntax error near unexpected token 'in
'SH.sh: line 5: case "$LANG" in

I changed 4 times "$LANG" in $LANG and the script worked fine. The mail was sent and it worked well with PuTTY.

I have tested it on a SME 7.3 server with all patches applied.

Patrick

Stefano
Re: [Script] Generating SSH keys for root
« Reply #3 on: August 06, 2008, 09:00:53 PM »
the same here for me.. without double quotes everything is working fine

Ciao
Stefano

soprom
Re: [Script] Generating SSH keys for root
« Reply #4 on: August 06, 2008, 11:12:03 PM »
Just delete the blank lines. There are some hidden bytes blocking the script.
Code:
#!/bin/sh


WORKDIR=/root

Code:
#!/bin/sh
WORKDIR=/root
Sophie from Montréal
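
The ": command not found" lines and the error text that starts with a stray quote are consistent with a script saved with DOS (CRLF) line endings, one common kind of hidden byte. The following is an added example, not part of this thread or of SSH.sh, that checks a downloaded script for carriage returns and a clean parse before it is run as root; the function names and the sample script content are constructed for illustration.

```shell
#!/bin/sh
# Added example: vet a downloaded script for carriage returns (CR, 0x0d)
# before running it as root. All sample content below is constructed.

# count_cr_lines FILE: print how many lines contain a CR byte
count_cr_lines() {
    cr=$(printf '\r')
    grep -c "$cr" "$1" || true   # grep exits 1 on zero matches but still prints 0
}

# strip_cr SRC DST: write a copy of SRC with every CR byte removed
strip_cr() {
    tr -d '\r' < "$1" > "$2"
}

# vet_script FILE: succeed only if FILE has no CR bytes and passes "sh -n"
vet_script() {
    n=$(count_cr_lines "$1")
    if [ "$n" -ne 0 ]; then
        echo "$1: $n line(s) contain carriage returns" >&2
        return 1
    fi
    if ! sh -n "$1" 2>/dev/null; then
        echo "$1: shell syntax check failed" >&2
        return 1
    fi
}

# make_sample FILE: constructed script with CRLF line endings. The layout
# (two blank lines, "case" on line 5) is an assumption modelled on the
# fragment and error messages quoted in the thread.
make_sample() {
    printf '#!/bin/sh\r\n\r\n\r\nWORKDIR=/root\r\ncase "$LANG" in\r\n  *) echo "$WORKDIR" ;;\r\nesac\r\n' > "$1"
}

# Demo: the CRLF copy is rejected, the cleaned copy is accepted.
tmp=$(mktemp -d)
make_sample "$tmp/sample.sh"
vet_script "$tmp/sample.sh" || echo "rejected: sample.sh"
strip_cr "$tmp/sample.sh" "$tmp/clean.sh"
vet_script "$tmp/clean.sh" && echo "accepted: clean.sh"
rm -rf "$tmp"
```

Running the check on the file as downloaded, and only then executing the cleaned copy, also gives a chance to read what the script will do with root privileges.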

soprom
Re: [Script] Generating SSH keys for root
« Reply #5 on: August 06, 2008, 11:24:55 PM »
Also, if you are not familiar with key handling for PuTTYgen (like myself), we have to click the "Load" button to read the key, and then "Save private key" to obtain a PuTTY-compatible key.

The keys (for different servers) should be kept in a folder accessible from WinSCP and PuTTY. WinSCP will try to read the key file every time it is opened.
Sophie from Montréal

fpausp
Re: [Script] Generating SSH keys for root
« Reply #6 on: January 02, 2009, 12:48:04 PM »
Hi All,

I like to use the SSH.sh script a 2nd time on the same server, but when I try to log in with PuTTY or WinSCP I still get an error message:

Disconnected: No supported authentication methods available

???

regards
fpausp

Viribus unitis

Craig Cabrey
Re: [Script] Generating SSH keys for root
« Reply #7 on: January 03, 2009, 12:46:29 AM »
Hi all,
I've modified this script [very] slightly so that it can be used by any user with shell access (enabled using Stephano's contrib) to generate SSH keys.
The only other thing I need to do is change it so that it sends an email to the current user's email address.

Regards,
Craig

EDIT: The only problem is that a non-privileged user cannot set the db variable (obviously), so that's disabled somehow unless the user is prompted for a password using su, but I don't know how to do that... maybe give an option in the script? e.g. "Would you like to disable password authentication (requires root password)? [Y/n]"
Just my $.02
« Last Edit: January 03, 2009, 12:59:12 AM by Craig Cabrey »