0

I am starting work for an organization on their server. They need to allow connections from my server in order to use GIT over SSH.

They asked me to place this in my SSH directory:

    SHORTNAME=abcdef
    FULLNAME=12.34.56.789
    PORT=9999
    ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa_${SHORTNAME}
    cat <<EOF >> ~/.ssh/config
    host ${SHORTNAME}
    hostname ${FULLNAME}
    port ${PORT}
    identityfile ~/.ssh/id_rsa_${SHORTNAME}
    compression yes
    protocol 2
    ServerAliveInterval 60
    EOF
    ssh ${SHORTNAME} "mkdir -p ~/.ssh"
    scp -P ${PORT} ~/.ssh/id_rsa_${SHORTNAME}.pub ${FULLNAME}:~/.ssh/id_rsa_${SHORTNAME}.pub
    ssh ${SHORTNAME} "cat ~/.ssh/id_rsa_${SHORTNAME}.pub >> ~/.ssh/authorized_keys"

I am a Linux beginner. I just want to ensure that running this in SSH won't allow them access to my server. We're trying to achieve a solution where my server is allowed to connect to their server for push and pull requests via GIT over SSH. Is this safe to do? Or is there a better solution to accomplish this task?

Chida
Michael Ecklund

2 Answers

3

This script...when run on your local system...will:

  • Create a new ssh keypair for you in your .ssh directory. You'll end up with two files, id_rsa_abcdef and id_rsa_abcdef.pub.
  • It will create an ssh configuration file for you in .ssh/config with the following contents:

    host abcdef
    hostname 12.34.56.789
    port 9999
    identityfile ~/.ssh/id_rsa_abcdef
    compression yes
    protocol 2
    ServerAliveInterval 60
    

    This will allow you to type ssh abcdef, for example, and ssh will know to connect to host 12.34.56.789 on port 9999 using your newly created keypair without you having to type in a bunch of additional command line options.

  • It will then copy your ssh public key to the remote server so that you can use your private key for authentication.

It will not give any access to your local machine to somebody else.

larsks
  • Is it safe to generate the key by root? Or should I generate from a different user? – Michael Ecklund Aug 16 '12 at 13:30
  • 1
    Since you're not opening up any access to your system...it doesn't really matter. But generally you should not be doing things as root on your system. Running commands as root means that a typo can be a crisis rather than an inconvenience, compare the typo `rm -rf / myfile` (whoops, there's an extra space there) run as root (it will delete everything) vs run as a normal user (it won't have permission to delete things other than your home directory contents). – larsks Aug 16 '12 at 13:33
1

The commands/script you posted here is safe and will create a keypair to use for SSH authentication and it will copy the public key to ${FULLNAME}. This is a good solution.

pkhamre
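An added example (not part of the original question or answers): a shell function that checks, after the script has run, that access only flows outward, i.e. the private key stayed local and owner-only and the new public key was not added to the local `authorized_keys`. The function name `audit_key_direction` and its two arguments (the ssh directory and the `SHORTNAME` used in the script) are assumptions made for this example.

```shell
# Added example (not from the original post): audit an ssh directory after the
# setup script has run. SSH_DIR and SHORTNAME are caller-supplied assumptions.
# Returns 0 if the new key grants no inbound access, 1 on a warning, 2 on error.
audit_key_direction() {
    dir=$1; name=$2
    key="$dir/id_rsa_$name"; pub="$key.pub"; auth="$dir/authorized_keys"
    rc=0

    if [ ! -f "$key" ] || [ ! -f "$pub" ]; then
        echo "ERROR keypair $key(.pub) not found"; return 2
    fi

    # Field 2 of a .pub line is the base64 key blob; field 3 is only a comment.
    blob=$(awk 'NF >= 2 { print $2; exit }' "$pub")
    [ -n "$blob" ] || { echo "ERROR $pub has no key blob"; return 2; }

    # The private half never leaves this machine; group/other need no access.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" = "------" ]; then
        echo "OK private key is owner-only"
    else
        echo "WARN private key is accessible to group/other ($perms)"; rc=1
    fi

    # Inbound logins are governed by the LOCAL authorized_keys. The script
    # appends to the remote one only, so the new blob should be absent here.
    if [ -f "$auth" ] && grep -qF -- "$blob" "$auth"; then
        echo "WARN new public key is listed in local $auth"; rc=1
    else
        echo "OK new public key is not in local authorized_keys"
    fi

    # Report how many keys can already log in to this account, for review.
    n=0
    [ -f "$auth" ] && n=$(grep -cvE '^[[:space:]]*(#|$)' "$auth" || true)
    echo "INFO local authorized_keys entries: $n"
    return $rc
}
```

Run it as `audit_key_direction ~/.ssh abcdef`; any `WARN` line means the local account accepts more than the script itself set up.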