SSH supports a number of different methods of authenticating connections. The two most common are password and shared key (and I’m not going to talk about the others, since they’re for rather specific applications). By default, and in almost every case where people use SSH, they’re probably entering a password. This is generally good for security, but bad for convenience, scripting, and a number of other things.
When setting up shared keys between two accounts, there is really only one big decision to be made - do you want to require a password (passphrase) on the key or not? If you do, that password is independent of either the source or destination accounts’ passwords. If you don’t set a password on the key, you effectively merge the two accounts into one - making transitions between them very transparent indeed.
I tend not to set passwords on my ssh keys. This means that I can scp files between machines without having to type the password every time, which in turn means that I can run backup scripts over an encrypted connection or use gvim to edit a remote file securely without having to tunnel an entire X session. There are lots of uses.
But I digress. You just want to set it up, eh?
Suppose I am setting up passwordless stuff between two servers, Bender and Fry. The basic procedure for creating my key pair looks like this:
ammon@bender:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ammon/.ssh/id_rsa): [enter]
Enter passphrase (empty for no passphrase): [enter]
Enter same passphrase again: [enter]
Your identification has been saved in /home/ammon/.ssh/id_rsa.
Your public key has been saved in /home/ammon/.ssh/id_rsa.pub.
The key fingerprint is:
88:99:60:ee:eb:e5:ac:1f:fb:fe:ae:83:5c:3c:c4:0b ammon@bender
Obviously, your username & hostname are probably going to be different, as is the generated fingerprint. This creates two files, ~/.ssh/id_rsa and ~/.ssh/id_rsa.pub. These are your private and public keys (respectively). And, because you didn’t type in a password when creating them, they’re not going to ask you for a password when you want to use them.
In addition to creating an RSA key, you could also create a DSA key, but RSA keys work with both SSH1 and SSH2 (not that you’re using SSH1, right?). For our application, there’s no real reason to choose one over the other.
Now that the key pair exists, you need to send the public key to the other server. The SSH daemon looks for the public keys of friendly accounts in ~/.ssh/authorized_keys, so the process is probably going to be something like this:
ammon@bender:~$ scp .ssh/id_rsa.pub fry:.ssh/authorized_keys
ammon@fry’s password: [password]
id_rsa.pub 100% 996 1.0KB/s 00:00
Now, if the universe is right, when I try to ssh over to Fry, I won’t be prompted for a password. To make it work in the other direction (to allow Fry to log in to Bender w/o a password), you just repeat the process the other way around. That is, create a key pair on Fry and copy the public key over to Bender.
If we were to add another server (Zoidberg) to the list, you’d repeat the process by creating a keypair over there and copying the public key to both Fry and Bender, and making sure Zoidberg’s authorized_keys file contains a copy of both Fry’s and Bender’s public keys. The more machines you add to the mix, the easier it is to forget to update one.
I find it helpful to make a copy of the public key in the form hostname.pub when generating a new key and copy it everywhere. Then, on the remote machines I execute a cat *.pub > authorized_keys to regenerate the index.
Warning
And, just because I am such a good citizen, I figure I’ll close out with a warning. Be careful with this: if one machine in your little family of key-sharing happiness is compromised, so are the rest. Also, it is healthy to keep track of which accounts can talk to which other accounts, so that you can track things down or make changes in the future.
Case study:
At a previous job of mine, I had set up keyless ssh into the root account of one of the (non-mission critical) servers from my desktop, since that was the only place I was logging in from, and I was doing it a lot.
Well, 9 months after I quit, I typoed an ssh command - and wound up with root privs on the box. My brief examination of the machine showed that while the guy who replaced me was bright enough to change the root password itself when I left, he didn’t check for ssh keys. I discovered three other accounts that were similarly accessible by keys created by users who were no longer with the organization.
Yeah.
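One way to keep the inventory the warning asks for, as an added example that is not from the original post: a POSIX sh script that parses an authorized_keys file (options, key type, blob, comment) and reports keys whose user@host comment is no longer on a list of current accounts, the kind of leftover the case study describes. Every file content, host and account name in it is constructed sample data.

```shell
#!/bin/sh
# Added example, not part of the original post: list the keys in an authorized_keys
# file and flag any whose comment (user@host) is not on the list of accounts that
# should still have access. Needs only POSIX sh and awk; all data below is constructed.
WORK=$(mktemp -d)
AK="$WORK/authorized_keys"
ALLOW="$WORK/current_accounts"

# Constructed authorized_keys: one plain key, one with options, one from a departed user.
cat > "$AK" <<'EOF'
# keys accepted by root on fry (constructed sample, not real keys)
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDSAMPLEKEYONE ammon@bender
from="10.0.0.5",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDSAMPLEKEYTWO backup@zoidberg

ssh-dss AAAAB3NzaC1kc3MAAACBAPSAMPLEKEYTHREE olduser@desktop
EOF
# Accounts (user@host, one per line) that are still supposed to have access.
printf 'ammon@bender\nbackup@zoidberg\n' > "$ALLOW"

# Print one "type<TAB>comment<TAB>options" line per key. Blank and # lines are
# skipped; options such as from= or command= may precede the key type.
list_keys() {
    awk '
        /^[[:space:]]*#/ { next }
        NF == 0 { next }
        {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)$/) continue
                opts = "-"; if (i > 1) { opts = $1; for (k = 2; k < i; k++) opts = opts " " $k }
                cmt = "-"; if (NF > i + 1) { cmt = $(i + 2); for (k = i + 3; k <= NF; k++) cmt = cmt " " $k }
                printf "%s\t%s\t%s\n", $i, cmt, opts
                break
            }
        }' "$1"
}

# Number of keys actually in the file: compare it with the number of .pub files you
# merged, since an scp straight onto authorized_keys replaces the whole file.
count_keys() { list_keys "$1" | awk 'END { print NR }'; }

# Print "type comment" for every key whose comment is not in the allow list; these
# are the forgotten keys the case study describes, and they should be removed.
stale_keys() {
    list_keys "$1" | awk -F '\t' -v allow="$2" '
        BEGIN { while ((getline line < allow) > 0) ok[line] = 1 }
        !($2 in ok) { print $1, $2 }'
}

stale_keys "$AK" "$ALLOW"   # prints: ssh-dss olduser@desktop
```

Run it against each account's real authorized_keys (and a real list of current accounts) in place of the constructed files; anything stale_keys prints is a key to remove.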
Posted by Ammon as howto, ssh, work at 10:40 PM EDT
Tuesday afternoon, my work day was disrupted by news from Adam that the anime season has begun in Japan this week. A quick trot over to AnimeSuki confirmed this, as well as the news he told me of the new .hack//ROOTS release that I had been anticipating and of a new Disgaea anime that I had absolutely not been expecting. It’s just a month full of surprises.
Now, I am a very loyal member of the NIS camp. I absolutely adore Disgaea. I am largely pleased with the anime so far. It sounds like they got the same voice actors as for the game and it’s quite obvious that they’re using a lot of the same music. That said, I’m a trifle disappointed in a few places - which, I suspect, is the fate of any fan when something crosses media platforms.
My two problems with the show are pretty minor, really. I still have every intention of watching the show and buying it when it comes out in the US (especially if they can get the same English voice actors… making it the first show ever I’ll actually purchase for the sake of the dub).
- The story is different - I can deal with this. The game’s plot doesn’t translate very well into the sort of format suitable for linear viewing in a television series. Lots of early events are very much gameplay-specific, and there are overt references to leveling up and such. So it makes perfect sense to rip that whole bit out… but they’re doing more than condensing the story, they’re shuffling it.
Episode one of the anime introduces us to the humans. These characters don’t show up until about halfway through the game… The anime also doesn’t actually introduce Etna (one of the 3 main chars in the game) until the last few frames, and even then, it just shows her in shadows before fading to credits. I don’t appreciate that sort of abuse. Etna’s my favorite. She’s probably the most interesting character in the game. I don’t like the humans. So, a bit upset over that, but she still shows up above the humans in the closing credits, so there is hope…
- The art is different - Now this one kind of breaks my little heart. One of the biggest draws of Disgaea is the art. It’s incredible. Of the last 6 desktop wallpapers on my laptop here, three have been from the Disgaea universe. While the art in the anime is obviously recognizable… it’s also kind of dumbed down. The characters are (what’s a good word?) fluffier, softer, rounder. They’re poofy. The original art was crisp, with cool shading and sharp lines and angular faces. The anime looks like fan art.
So, after watching Disgaea, I decided to check out the other shows I’d downloaded (had started 8 or 9 torrents of new releases in addition to Disgaea). I’m not really surprised with what I wound up with. We’ve got your basic selection of young girls in short skirts and pointless combat shows. So far, I’m not really impressed with any of the new shows. Except .hack.
Now, I will admit it, I am also a .hack fanboy. I have the ps2 games, anime, the manga, and the novels (and I’ve read them). I own the “dothax0r.com” domain name and was originally developing a database and community site for players of the games (but that project is currently on hold).
I think I liked the new anime. I’m not quite sure yet. But it’s good. It’s much more like SIGN than DUSK (and I liked the former over the latter). That is to say that there are a lot of characters introduced, lots of pretty pictures, lots of dialogue, and not a lot of action. Perspective switches between different factions halfway through conversations and we don’t have the entire story of things.
As is required by law, they say the word 黄昏 (tasogare - twilight) about 50 times during the 22 minute episode. There is a “twilight brigade” guild who is searching for some undefined something. Yup, it’s .hack all right.
The story of the first episode revolves around a newbie who’s not really sure why he started playing the game. He keeps getting into PK encounters and refuses to read the manual (which of course only adds to his ignorance and such). He apparently didn’t even choose a character class at creation time - he’s a “multi-weapon”, tho he is dual wielding daggers (which would make him a “twin blade” in .hack parlance) during the brief combat scene at the end of the episode.
In between all of this, there are numerous high level players who are expressing an interest in him. I described one of these encounters to Adam:
(13:51:45) Ammon: people being friendly to newbie are some twilight brigade guild or something
(13:51:50) Ammon: they’re trying to recruit him
(13:51:58) Ammon: and build up enough people to reform guild or something
(13:52:19) Ammon: oh, and the kid’s class is “multi-weapon”
(13:52:21) Adam: Newbie: You are … the chosen one!
(13:52:29) Ammon: “you have a characteristic”
(13:52:34) Ammon: “i have a what?”
(13:52:43) Ammon: “a special characteristic”
(13:52:46) Ammon: “what’s that?”
(13:52:50) Ammon: “i can’t tell you, neener”
(13:52:55) Ammon: “join me”
(13:52:57) Ammon: “what?”
(13:53:06) Ammon: “join me! and together, we will rule the universe as father and son!”
(13:53:09) Ammon: “you’re not my father!”
(13:53:19) Ammon: *bsshhkow*
(13:53:24) Ammon: “aaaargh! why’d you slice off my hand!”
(13:53:26) Ammon: “?”
(13:53:32) Ammon: something like that
(13:53:34) Ammon: only not really
(13:53:44) Adam: Yay!
So, I embellished things a bit, but not by much. I’m hopeful for next week. Maybe I’ll even build up the courage to try a few of these other shows… but my eyes are still recovering from some of the other garbage I’ve already sampled. We shall see.
Posted by Ammon as anime, disgaea, games, play at 9:17 AM EDT
http://natsume.com
Well. I got ambushed by a new Harvest Moon release. Completely blind-sided. Didn’t have a clue it was coming out. Yeah.
That was a week ago, actually.
Apparently everyone else was also surprised by this release. When I got the game (2 days after the NA release), there was not a single FAQ/Walkthrough to be found online. I checked all of the usual suspects and was completely unrewarded. In fact, the only information I could really find on the game was on Wikipedia, of all places.
Now, I’m writing a FAQ on the game. It looks like other people have finally started producing docs as well. I’ll be posting it online as soon as it gets a bit longer (it’s currently only 28k). Penny and I have each played through half of a year of the game by now. I’m technically 1/4 of the way to “winning”.
Aside from the weird controls and strange graphics, this is arguably my favorite Harvest Moon to date. They stole about 1/2 of the new features Nicole and I came up with for Strawberry.
Since I’m already writing a FAQ, I am not really in the mood to write a full review.
But… given this current stimulus and recent conversations I’ve had with Adam and Chris, I just might be revisiting (and revising and rewriting) my Strawberry spec.
Update: Yeah, so the FAQ was about 70% written before I forgot about it and scrubbed the HD it lived on. Go me.
Posted by Ammon as games, harvest moon, play at 2:52 AM EDT