5

I need to create a script that automatically sets up an SSH tunnel. I think that a dedicated SSH key without a password is a good start, but I couldn't find out whether this is possible and how to do it. This key should have limited privileges (only set the tunnel up), but I need another private key (with a password) for myself.

Thanks!

ascobol

3 Answers

8

Ok, I've found the answer.

First, ssh-keygen -f theNewPrivateKey, otherwise it will overwrite the old private key. Second, ssh -i theNewPrivateKey me@mycomputer: the -i option changes the private key used for the authentication.

Now I can try my script.


Edit: how my new key has limited privileges:

When copying the public key to $HOME/.ssh/authorized_keys2 file of the target computer, I added this:

command="sleep 99999999999" ssh-dss AAAAB3NzaC1kc3MA...
(+ the rest of the key)

Then the only command allowed is to wait forever. Since the purpose of creating this key was to create a reverse ssh tunnel this should be fine. I then create the tunnel:

ssh -T -R 7878:localhost:22 -i .ssh/mynewkey me@myhomecomputer

Finally, I can log in from my home computer:

ssh myworklogin@localhost -p7878

I hope that this does not have security issues. If this is a bad thing, please let me know!

ascobol
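An added example, not part of the answer above: a small Python audit of an authorized_keys entry meant only to hold the reverse tunnel open. It flags what the `command="..."` entry leaves enabled (PTY, agent and X11 forwarding, any `-R` listen port) and shows an entry that passes. The function names are hypothetical, the sample lines are constructed, and the hardened entry assumes a server with OpenSSH 7.8 or later (`restrict` needs 7.2, `permitlisten` needs 7.8).

```python
import re

# One option: a bare name, or name="value" (the value may contain commas and \" escapes).
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:[^"\\]|\\.)*)")?(,|(?=\s))')
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH public key type names

def parse_entry(line):
    """Split one authorized_keys line into ({option: [values]}, key_type)."""
    line, options, pos = line.strip(), {}, 0
    if not line.startswith(KEY_TYPES):          # line begins with an option list
        while True:
            m = OPTION.match(line, pos)
            if not m:
                raise ValueError("cannot parse options near: " + line[pos:pos + 20])
            options.setdefault(m.group(1).lower(), []).append(m.group(2))
            pos = m.end()
            if m.group(3) != ",":               # whitespace follows: options are done
                break
    return options, line[pos:].split()[0]

def audit_tunnel_key(line, listen_port):
    """Return findings for a key that should only hold `ssh -R listen_port:...` open."""
    options, key_type = parse_entry(line)
    findings = []
    if key_type == "ssh-dss":
        findings.append("DSA key: ssh-dss is disabled by default since OpenSSH 7.0")
    if "command" not in options:
        findings.append("no forced command: the key can run any command")
    if "no-port-forwarding" in options or (
            "restrict" in options and "port-forwarding" not in options):
        findings.append("port forwarding is disabled: the -R tunnel will be refused")
    missing = [o for o in ("no-pty", "no-agent-forwarding", "no-x11-forwarding")
               if o not in options]
    if "restrict" not in options and missing:
        findings.append("no 'restrict' and missing: " + ", ".join(missing))
    ports = [v.rsplit(":", 1)[-1] for v in options.get("permitlisten", []) if v]
    if ports != [str(listen_port)]:
        findings.append(f"permitlisten does not pin -R to port {listen_port}")
    return findings

# Constructed sample lines; key blobs are placeholders, not real keys.
AS_POSTED = 'command="sleep 99999999999" ssh-dss AAAAB3NzaC1kc3MA... tunnel'
HARDENED = ('restrict,port-forwarding,permitlisten="localhost:7878",'
            'command="sleep 99999999999" ssh-ed25519 AAAA...placeholder... tunnel')

if __name__ == "__main__":
    for name, entry in (("as posted", AS_POSTED), ("hardened", HARDENED)):
        print(name, "->", audit_tunnel_key(entry, 7878) or "no findings")
```
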
1

Try the ssh-keygen command.

Mihai Limbășan
0

I had a similar situation where I had to sync a server's content automatically without having to provide the password in my robocopy script.

This Link helped me.

Yoosaf Abdulla