"Fossies" - the Fresh Open Source Software Archive

Member "sshexport-2.5/sshexport.xml" (20 Sep 2021, 6032 Bytes) of package /linux/privat/sshexport-2.5.tar.gz:

As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) XML source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 <!DOCTYPE refentry PUBLIC 
    2    "-//OASIS//DTD DocBook XML V4.1.2//EN"
    3    "docbook/docbookx.dtd">
    4 <refentry id='sshexport.1'>
    5 <refmeta>
    6 <refentrytitle>sshexport</refentrytitle>
    7 <manvolnum>1</manvolnum>
    8 <refmiscinfo class='date'>Nov 22, 2002</refmiscinfo>
    9 <refmiscinfo class='productname'>sshexport</refmiscinfo>
   10 <refmiscinfo class='source'>sshexport</refmiscinfo>
   11 <refmiscinfo class='manual'>Internet</refmiscinfo>
   12 </refmeta>
   13 <refnamediv id='name'>
   14 <refname> sshexport</refname>
   15 <refpurpose>install ssh public keys on remote servers</refpurpose>
   16 </refnamediv>
   17 <refsynopsisdiv id='synopsis'>
   19 <cmdsynopsis>
   20   <command>sshexport</command>  
   21   <arg choice='opt'>-h</arg>
   22   <arg choice='opt'>-c</arg>
   23   <arg choice='opt'>-p <replaceable>port</replaceable></arg>
   24   <arg choice='opt'>-r</arg>
   25   <arg choice='opt'>-d</arg>
   26   <arg choice='opt'>-v</arg>
   27   <arg choice='plain' rep='repeat'><replaceable>name@host</replaceable></arg>
   28 </cmdsynopsis>
   30 </refsynopsisdiv>
   32 <refsect1><title>Description</title>
   34 <para>This script tries to export ssh public keys to specified sites.
   35 It will walk the user through generating key pairs if it doesn't find
   36 any to export.  It handles all the fiddly details, like remembering
   37 the ssh keyfile names, updating the
   38 <filename>authorized_keys</filename> and making sure local and remote
   39 permissions are correct.  It tells you what it's doing if it has to
   40 change anything.</para>
   42 <para>Each name@host argument is the name of a host where your
   43 public keys should be installed.  If it contains a @, the part before
   44 the @ will be clipped off and used as the login name. Otherwise your
   45 local login name will be used.</para>
   47 <para>Note: this script does not parse your ssh configuration &mdash;
   48 therefore, if you have specified a different remote user in your
   49 configuration, this script will not know that.  You can use the
   50 user@host syntax to force the remote username.</para>
   52 <para>On any remote Linux system using selinux, the security context of
   53 root's <filename>authorized_keys</filename> is restored whenever
   54 it is modified or deleted.</para>
   56 </refsect1>
   57 <refsect1><title>Recording remote key locations</title>
   59 <para>If either of the files
   60 <filename>~/.config/sshexport</filename> or
   61 <filename>~/.ssh/sshexport.rc</filename> exists, places where you
   62 install keys will be recorded in it, along with the password used to
   63 access the host and the port (if non-default). This record will also
   64 be updated when you use the check option, so you can use that option
   65 to check sites where you may have previously installed keys and add
   66 them to the list. Entries are edited when you delete remote keys; the
   67 key is deleted, but not the password and port information.</para>
   69 <para>Beware that if your account is cracked, this record will offer
   70 the intruder a menu of other systems to attack, escalating security
   71 risks. Thus, to enable the recording feature, you must explicitly
   72 create <filename>~/.ssh/sshexport.rc</filename> or
   73 <filename>~/.config/sshexport.rc</filename>using
   74 <citerefentry><refentrytitle>touch</refentrytitle><manvolnum>1</manvolnum></citerefentry>
   75 or some other means. This tool will not create the file for you. Also,
   76 it checks permissions on these files at startup and bails out with a
   77 message if they are not limited to the owning user.</para>
   79 </refsect1>
   80 <refsect1><title>Options</title>
   82 <para>Invoked with the <option>-h</option> option, the program prints
   83 a usage summary and exits.</para>
   85 <para>Invoked with the <option>-c</option> option, the program checks
   86 your local and remote ssh configuration for problems without changing
   87 anything (except that your record of where you have installed keys is
   88 updated).</para>
   90 <para>The -p option allows you to set a port number, overriding the
   91 default 22.  This may be useful if you have a firewall and port
   92 forwarding setup. Port numbers are recorded if you have recording set
   93 up.</para>
   95 <para>Invoked with the <option>-d</option> option, the program deletes
   96 any public keys under the specified login at the specified host. The
   97 password and the -p option need not be specified if an entry was
   98 recorded for this host. The configuration entries for any such keys
   99 are also removed, but not port and password information.</para>
  101 <para>The <option>-r</option> force-installs your keys on all sites
  102 recorded in your installation log. By removing your keys (to force a
  103 key pair generation) you can ship new keys to all sites.</para>
  105 <para>The <option>-v</option> option says to report all commands and
  106 responses during the session. It's mainly useful for debugging.</para>
  108 </refsect1>
  109 <refsect1><title>Files</title>
  111 <para>Sites where keys have been installed may be recorded in
  112 <filename>~/.sshexport</filename> or
  113 <filename>~/.config/sshexport.</filename> (the second location
  114 is preferred if <filename>~/.config</filename>) exists.</para>
  116 </refsect1>
  117 <refsect1><title>Requirements</title>
  118 <para><command>sshexport</command> was written in Python 2.2a1.  It
  119 will not work under Python 1.5.2. </para>
  120 </refsect1>
  122 <refsect1><title>Bugs</title>
  123 <para>This program relies on ptys to work correctly in combination with exec,
  124 but some implementations (notably under FreeBSD) don't. Suspect this if
  125 you see termination with the message "Remote ls returned empty string, 
  126 bailing out"</para>
  128 <para>If you encounter this or any other bug, the first thing to do is
  129 run with -v and see if that clarifies matters.  If not, send the maintainer a
  130 session transcript.</para>
  131 </refsect1>
  133 <refsect1><title>See Also</title>
  134 <para><citerefentry><refentrytitle>ssh</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
  135 <citerefentry><refentrytitle>ssh-keygen</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
  136 </refsect1>
  138 <refsect1><title>Author</title>
  139 <para>Eric S. Raymond <email>esr@thyrsus.com</email>.</para>
  141 <para>There is a project web page at
  142 <ulink
  143 url="http://www.catb.org/~esr/sshexport/">http://www.catb.org/~esr/sshexport/</ulink>.</para>
  144 </refsect1>
  145 </refentry>
  147 <!--
  148 Local Variables:
  149 compile-command: "make sshexport.html"
  150 End:
  151 -->