January 21, 2007

Automated Logins

Part of my excitement about setting up this network with Ubuntu as the backbone is the ability to automate common tasks. Several of these tasks will require the ability for one machine to access and/or copy to another machine.

When you connect to another machine in Unix, you typically use ssh. The old way was to use telnet, but telnet has so many security holes that most people now recommend ssh. When ssh runs, the first thing it does is ask for your password in order to determine whether you are authorized to connect to the machine you are attempting to reach.

This works fine until you want to automate a script or process. If the script has to wait for manual input to proceed, you might as well run the process manually. I need to figure out a way to connect automatically while still maintaining a reasonably high level of security.

While reading up on the ssh command I came across a reference to the ssh-keygen command. This command creates a key set that can be used to establish a connection automatically. You run this command to create a public and private key. You can protect the key with a passphrase. Once the key is generated you can then copy the public key to the machine that you want access to. When ssh connects, if your public key is present on the remote machine, it lets you in without prompting for a password.

This was exactly what I was looking for. The problem is that I don't want this capability out there for everyone to use. I chose to add another level of complexity to it. I would create a new user with limited or restricted access and use that user to communicate between machines.

To do this I first created a restricted group and then added a user called filecopy to it. I generated an ssh key for that user. I then went to the remote machine and created the same user and group. Lastly I copied over the public key to the remote machine and placed it in the hidden .ssh directory under the /home/filecopy directory.
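The remote-side part of the steps above, as an added example that is not code from the original post: it installs the filecopy user's public key so that the key can only run one fixed command, locks down the permissions sshd expects, and audits the result. The key string, the home directory and the forced command `/usr/local/bin/filecopy-receive` are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: install the filecopy user's
# public key on the remote side so that the key can only run one command,
# and verify the file permissions sshd expects. Paths and the key are
# constructed for illustration.
set -eu

# Constructed sample public key (not a real key). In practice this is the
# contents of ~filecopy/.ssh/id_ed25519.pub produced by generate_key.
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLEEXAMPLE filecopy@local'

# Generate an ed25519 key pair for the automation user. The passphrase is
# empty so the script can run unattended; the key file permissions and the
# authorized_keys restrictions below are what limit the damage if it leaks.
generate_key() {
    ssh-keygen -q -t ed25519 -N '' -C 'filecopy@local' -f "$1"
}

# First ten characters of ls -ld, e.g. drwx------ (works on GNU and BSD).
perm_of() { ls -ld "$1" | cut -c1-10; }

# Append the public key to <home>/.ssh/authorized_keys with OpenSSH options
# that refuse forwarding, refuse a terminal and force a single command
# ($3, e.g. a hypothetical copy-receiving script), then lock down the
# directory (700) and the file (600) as sshd's StrictModes requires.
install_authorized_key() {
    home=$1 pubkey=$2 cmd=$3
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    printf 'command="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty %s\n' \
        "$cmd" "$pubkey" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Audit an installed authorized_keys: permissions must be 700/600 and every
# key line must carry a forced command. Returns 0 when all is well, 1 otherwise.
check_authorized_keys() {
    home=$1
    [ "$(perm_of "$home/.ssh")" = "drwx------" ] || return 1
    [ "$(perm_of "$home/.ssh/authorized_keys")" = "-rw-------" ] || return 1
    if grep -qv '^command=' "$home/.ssh/authorized_keys"; then return 1; fi
    return 0
}
```

Run `check_authorized_keys /home/filecopy` on the remote machine after copying the key; a plain key line without `command=` (which is what simply dropping the file into .ssh gives you) makes it fail.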

I tested the login and it worked like a charm. Now if only I were able to do it as fast as I was able to type this up! My trials and tribulations have caused me to go back and read up on the basics of users and groups. While I understand what it is that I am attempting to do here, I need to make sure that I am not leaving a huge security hole for others to exploit.

Man, this is fun!

Posted by swfields at January 21, 2007 10:43 PM | TrackBack