Ssh – The Right Way to setup SSH keys to automate scp

Tags: scp, security, ssh

I want to setup SSH keys to automate scp jobs. My current assumption is that "automate" implies SSH keys without a password, but I am open to your suggestions.

I did a lot of Googling before I asked this question. Here is what I found:

  • Lots of pages explain how to configure SSH keys without a password
  • Very few pages explaining the security implications of SSH keys without a password

Thus, this question is a prime candidate for what Jeff Atwood calls "Making the Internet a Better Place".

For the purpose of this question, imagine this config:

  • Source 1 (not controlled by me): user1@host1
  • Source 2 (not controlled by me): user2@host2
  • Source X/Y/Z (not controlled by me): etc.
  • Destination (controlled by me): user3@host3
  • Goal: Setup "jobs" (scripts, whatever) to copy files from user1@host1 and user2@host2 (etc.) to user3@host3 using scp

I already know about:

  • ssh-keygen to generate SSH keys
  • SSH keys can have empty/no password
  • ~/.ssh/id_dsa has the private key
  • ~/.ssh/id_dsa.pub has the public key
  • Copy ~/.ssh/id_dsa.pub into ~/.ssh/authorized_keys and carefully set its file permissions
  • Share contents of ~/.ssh/id_dsa.pub with other user/host to use with scp

In my own testing between different hosts/users, I know my setup works.

What troubles me are the security implications. And, I confess that I am not a Linux admin, nor a security expert.

  • If I give this public SSH key to another division to use with scp, what if that same key is leaked/lost/stolen to another division?
  • Does this imply anyone with access to this public SSH key can use scp against host3 as user3 without a password?

Important assumptions to consider for your responses:

  • I do not care about external hackers via the wider Internet. These are Linux boxes on a secure corp network.
  • I cannot setup additional user IDs.

I am guessing there is a way to restrict access for a specific SSH key, but I don't know how. Maybe ~/.ssh/authorized_keys options (which I just learned about today)? Is it possible to have multiple SSH keys — give a different key to each source?

Please advise The Right Way.

Best Answer

user3@host3 can have as many ssh public keys as they like granting access to their account. Some can be password protected, others not.

Each key has a public and private part. The keys will be generated by user1 and user2, and the public half will be given to user3. User3 can then add those keys to their authorized_keys file. Whether the key is password protected or not is determined by the private key, not the public one. So if user3 is given a public key by user1, they have no way to tell if it is password protected or not, AFAIK.

You can perform some restrictions from within the authorized_keys file on individual machines as described in the 'authorized_keys : restricting access' section here.

Say for instance you wanted to make sure user1 could only connect from host1 and user2 from host2 you could put in

from="host1" <user1 public key>
from="host2" <user2 public key>

then if the private key is compromised or stolen for either user1 or user2 they are not able to connect in from any other machine.

Not sure how good this is, but it might be worth looking into scponly, which looks to prevent shell access for users you only want to have scp access.
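As an added example (not part of the question or the answer above), the following POSIX shell script builds the from=-pinned, scp-only authorized_keys entries the answer describes and then audits a file for keys that carry no from= pinning, which is what would keep working from any machine if a private key leaked. The names user1/host1, user2/host2, the drop directory /home/user3/incoming and the key material are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the original question or answer: builds per-source
# authorized_keys entries pinned to a host and limited to scp, then audits a
# file for entries that lack from= pinning. user1/host1, user2/host2 and the
# drop directory /home/user3/incoming are assumed placeholder names.

# Emit one restricted authorized_keys line.
#   restrict  (OpenSSH 7.2+) disables pty, port/agent/X11 forwarding and ~/.ssh/rc
#   from=     accept this key only from the named source host
#   command=  ignore what the client asked for and run scp in receive mode into
#             the drop directory (legacy scp protocol; OpenSSH 9+ scp clients
#             default to SFTP and need -O, or use an SFTP-based forced command)
make_entry() {
    src_host=$1 drop_dir=$2 pubkey=$3
    printf 'restrict,from="%s",command="scp -t %s" %s\n' "$src_host" "$drop_dir" "$pubkey"
}

# Count key lines carrying no from= option: keys that would keep working from
# any machine if their private half leaked.
count_unpinned() {
    awk '!/^[[:space:]]*(#|$)/ && $0 !~ /(^|,)from=/ { n++ } END { print n+0 }' "$1"
}

# Constructed sample keys (placeholder key material, not real keys).
KEY1='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderKeyMaterialUser1 user1@host1'
KEY2='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPlaceholderKeyMaterialUser2 user2@host2'

# Write a constructed authorized_keys file: two pinned entries plus one bare
# copy of KEY1 to show what the audit flags.
write_sample() {
    {
        echo '# one key per source, each pinned to its host and limited to scp'
        make_entry host1 /home/user3/incoming "$KEY1"
        make_entry host2 /home/user3/incoming "$KEY2"
        echo "$KEY1"   # unrestricted entry: usable from anywhere
    } > "$1"
}

main() {
    f=$(mktemp)
    write_sample "$f"
    echo "unpinned entries: $(count_unpinned "$f")"   # prints 1
    rm -f "$f"
}
main
```

The same per-source key idea answers the question's last point: give each source its own key pair and pin each public key to that source's host, so a leaked key from one division cannot be reused from another.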