(OT) secure web updates from Windows
Bill Campbell
bill at celestial.com
Thu Mar 31 10:43:05 PST 2005
On Wed, Mar 30, 2005, Brian K. White wrote:
>
>----- Original Message -----
>From: "Bill Campbell" <bill at celestial.com>
>To: <filepro-list at lists.celestial.com>
>Sent: Wednesday, March 30, 2005 5:21 PM
>Subject: (OT) secure web updates from Windows
>
>
>>I have somebody who wants to be able to update a web site which I
>>have under a /home/$user/public_html directory to allow updating
>>with normal shell tools. The only secure methods I know to allow
>>'Net access to this are sftp and ssh or perhaps webdav via a SSL
>>(https) connection.
>>
>>We do not allow password authentication using ssh since I've had
>>problems with dictionary attacks on bad user passwords permitting
>>ssh access to user's directories where an IRC ``bot'' is run.
>>
>>I've played a bit with puttygen to generate public/private key
>>pairs, but haven't found the magic incantations that openssh-3.9p1
>>likes using putty (and I don't know that putty handles file
>>uploads in any case).
>>
>>Any suggestions from folks who have to put up with Windows?
>
>I use puttygen to generate keys that work with openssh on sco/linux/freebsd
>and used psftp in batch files to upload/download files using the key.
>
>What is the specific question?
>The only "trick" is that you have to use cut & paste to get the public key
>that openssh likes.
>It's not obvious, but the window that displays the generated key is one
>long, wrapped, line.

I finally got this working, and found a cleaner way to handle the public
key for the authorized keys file. Using vi (the keys in parentheses are
generally the vi keystrokes):

1. Delete the first and last lines from the file (PUBLIC KEY).
2. Move the Comment line to the end of the file (:1m$).
3. Go to the last line of the file (G).
4. Delete the ``Comment:'' and double quotes from the last line.
5. Go to the first line of the file (H).
6. Insert ``ssh-rsa '' at the beginning of the first line.
7. Join all the lines into a single line (JJJJ).
8. Delete the blanks created by the joins (f x).
9. Save and append to the authorized_keys file.

It takes a lot longer to explain it than to do it. I've attached a file
with the ``ex'' commands that will do this conversion in place using the
command ``ex - pubkeyfile < pubkey.exrc''. Figuring out what it does is
left as an exercise to the student.

Bill
--
INTERNET: bill at Celestial.COM Bill Campbell; Celestial Software LLC
UUCP: camco!bill PO Box 820; 6641 E. Mercer Way
FAX: (206) 232-9186 Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
Manual, n.:
A unit of documentation. There are always three or more on a
given item. One is on the shelf; someone has the others. The
information you need is in the others.
-- Ray Simard
-------------- next part --------------
$d
1d
s/.*"\(.*\)"/\1/
1m$
1
j
j
j
s/ //g
j
s/^/ssh-rsa /
wq