Solved Copy SSH public key to system behind a jump box
-
When I directly connect via SSH during initial setup, I just use
ssh-copy-idto get my public key in place.But how can I do that if my only SSH access to the system is behind a jump box?
I can SSH in easily with
ssh -J jump.domain.com 10.X.X.Xwith password auth. But I don't want to leave password auth enabled.I can SSH in once with password and manually create the
authorized_keysfiles (and the.sshfolder for that matter), but then I need to worry about permissions, etc. -
Ok, I think I got it working now.
# From your host to your JUMPBOX # Not needed if your public key is already in placed cat ~/.ssh/id_ed25519.pub | ssh jump.domain.com 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys' # From your host to the host behind your JUMPBOX cat ~/.ssh/id_ed25519.pub | ssh -J jump.domain.com 10.X.X.X 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys' # Connect to your host behind your JUMPBOX ssh -J jump.domain.com 10.X.X.X -
@JaredBusch said in Copy SSH public key to ssem behind a jump box:
I can SSH in once with password and manually create the authorized_keys files (and the .ssh folder for that matter), but then I need to worry about permissions, etc.
Will something like this work?
cat ~/.ssh/id_key.pub | ssh -J jump.domain.com 10.X.X.X -o IdentitiesOnly=yes 'umask 0077; mkdir -p .ssh; cat >> ".ssh/authorized_keys && echo "Key copied"' -
@black3dynamite said in Copy SSH public key to ssem behind a jump box:
@JaredBusch said in Copy SSH public key to ssem behind a jump box:
I can SSH in once with password and manually create the authorized_keys files (and the .ssh folder for that matter), but then I need to worry about permissions, etc.
Will something like this work?
cat ~/.ssh/id_key.pub | ssh -J jump.domain.com 10.X.X.X -o IdentitiesOnly=yes 'umask 0077; mkdir -p .ssh; cat >> ".ssh/authorized_keys && echo "Key copied"'Does that give it the right selinux type also? I’m not at a computer now to test.
-
@JaredBusch said in Copy SSH public key to ssem behind a jump box:
@black3dynamite said in Copy SSH public key to ssem behind a jump box:
@JaredBusch said in Copy SSH public key to ssem behind a jump box:
I can SSH in once with password and manually create the authorized_keys files (and the .ssh folder for that matter), but then I need to worry about permissions, etc.
Will something like this work?
cat ~/.ssh/id_key.pub | ssh -J jump.domain.com 10.X.X.X -o IdentitiesOnly=yes 'umask 0077; mkdir -p .ssh; cat >> ".ssh/authorized_keys && echo "Key copied"'Does that give it the right selinux type also? I’m not at a computer now to test.
The correct selinux type should be
unconfined_u:object_r:ssh_home_t:s0 -
Ok, I think I got it working now.
# From your host to your JUMPBOX # Not needed if your public key is already in placed cat ~/.ssh/id_ed25519.pub | ssh jump.domain.com 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys' # From your host to the host behind your JUMPBOX cat ~/.ssh/id_ed25519.pub | ssh -J jump.domain.com 10.X.X.X 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys' # Connect to your host behind your JUMPBOX ssh -J jump.domain.com 10.X.X.X -
@black3dynamite said in Copy SSH public key to ssem behind a jump box:
# From your host to your JUMPBOX # Not needed if your public key is already in placed cat ~/.ssh/id_ed25519.pub | ssh jump.domain.com 'umask 0077; mkdir -p .ssh; cat >> .ssh/authorized_keys'ssh-copy-idshould do this
