(OT) secure web updates from Windows

Bill Campbell bill at celestial.com
Thu Mar 31 10:43:05 PST 2005 

On Wed, Mar 30, 2005, Brian K. White wrote:
>
>----- Original Message ----- 
>From: "Bill Campbell" <bill at celestial.com>
>To: <filepro-list at lists.celestial.com>
>Sent: Wednesday, March 30, 2005 5:21 PM
>Subject: (OT) secure web updates from Windows
>
>
>>I have somebody who wants to be able to update a web site which I
>>have under a /home/$user/public_html directory to allow updating
>>with normal shell tools.  The only secure methods I know to allow
>>'Net access to this are sftp and ssh or perhaps webdav via a SSL
>>(https) connection.
>>
>>We do not allow password authentication using ssh since I've had
>>problems with dictionary attacks on bad user passwords permitting
>>ssh access to user's directorys where an IRC ``bot'' is run.
>>
>>I've played a bit with puttygen to generate public/private key
>>pairs, but haven't found the magic incantations that openssh-3.9p1
>>likes using putty (and I don't know that putty handles file
>>uploads in any case).
>>
>>Any suggestions from folks who have to put up with Windows?
>
>I use puttygen to generate keys that work with openssh on sco/linux/freebsd
>and used psftp in batch files to upload/download files using the key.
>
>What is the specific question?
>The only "trick" is that you have to use cut & paste to get the public key 
>that openssh likes.
>It's not obvious, but the window that displays the generated key is one 
>long, wrapped, line.

I finally got this working, and found a cleaner way to handle the public
key for the authorized keys file.  Using vi (the keys in parenthesis are
generally the vi keystrokes):

  1.  Delete the first and last lines from the file (PUBLIC KEY).

  2.  Move the Comment line to the end of the file (:1m$).

  3.  Go to the last line of the file (G).

  4.  Delete the ``Comment:'' and double quotes from the last line.

  5.  Go to the first line of the file (H)

  6.  Insert ``ssh-rsa '' at the beginning of the first line.

  7.  Join all the lines into a single line (JJJJ).

  8.  Delete the blanks created by the joins (f x).

  9.  Save an append to the authorized_keys file.

It takes a lot longer to explain it than to do it.  I've attached a file
with the ``ex'' commands that will do this conversion in place using the
command ``ex - pubkeyfile < pubkey.exrc''.  Figuring out what it does is
left as an exercise to the student.

Bill
--
INTERNET:   bill at Celestial.COM  Bill Campbell; Celestial Software LLC
UUCP:               camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/

Manual, n.:
	A unit of documentation.  There are always three or more on a
	given item.  One is on the shelf; someone has the others.  The
	information you need is in the others.
		-- Ray Simard
-------------- next part --------------
$d
1d
s/.*"\(.*\)"/\1/
1m$
1
j
j
j
s/ //g
j
s/^/ssh-rsa /
wq

More information about the Filepro-list mailing list