home bbs files messages ]

Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   RBERRYPI      Support for the Raspberry Pi device      21,939 messages   

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]

   Message 19,310 of 21,939   
   Richard Kettlewell to Pancho   
   Re: It is now very nearly impossible to    
   01 Feb 24 08:43:51   
   
   INTL 3:770/1 3:770/3   
   REPLYADDR invalid@invalid.invalid   
   REPLYTO 3:770/3.0 UUCP   
   MSGID:  f70a8735   
   REPLY:  e911dacc   
   PID: SoupGate-Win32 v1.05   
   Pancho  writes:   
   > On 31/01/2024 21:25, druck wrote:   
   >> On 31/01/2024 20:26, Pancho wrote:   
   >>> Yes, I understand the need for unique keys for clients which   
   >>> operate outside the home, like a laptop, but what about for the LAN   
   >>> only devices? For instance, a rPi using scp to another rPi. I have   
   >>> quite a few Pis.   
   >>>   
   >>> When I set up a new machine, it is often easier to use an existing   
   >>> key which already has been installed on all SSH servers, so I use a   
   >>> single one. Often, I just copy the ~/.ssh folder. I suppose I could   
   >>> reuse a currently unused key from a pool of configured keys, but it   
   >>> seems like a lot of work.   
   >> Very bad practice. Generate a new key on each device with ssh-keygen   
   >> and copy it to your primary machine with ssh-copy-id Then replicate   
   >> the primary machines .ssh/authorized_keys file to all the others, so   
   >> you can login from any machine to any other.   
   >   
   > Yes, but in practice that meant everytime I installed a new OS on an   
   > experimental Orange Pi5 I had to alter the set up of seven or eight   
   > machines. Sometimes I was doing this a few times a day.   
      
   You’ve got several reasonable options:   
      
   1) Review your requirements. Do you really need everything to be able to   
      talk to everything? If not then some of those alterations are wasted.   
      
   2) Automate the process of copying new public keys all the places they   
      need to be. Computers are better than you are repetitive tasks.   
      
   3) Use certificate-based authentication. Instead of copying public keys   
     everywhere, just sign them once, and get each endpoint to trust the   
     CA.   
      
   --   
   https://www.greenend.org.uk/rjk/   
      
   --- SoupGate-Win32 v1.05   
    * Origin: Agency HUB, Dunedin - New Zealand | Fido<>Usenet Gateway (3:770/3)   
   SEEN-BY: 10/0 1 15/0 90/1 103/705 105/81 106/201 128/260 129/305 135/225   
   SEEN-BY: 153/757 7715 218/0 1 601 700 840 870 930 220/70 221/1 6 226/17   
   SEEN-BY: 226/30 100 227/114 229/110 112 113 200 206 307 317 400 426   
   SEEN-BY: 229/428 470 550 616 664 700 240/1120 266/512 267/800 282/1038   
   SEEN-BY: 291/111 292/854 301/1 113 812 310/31 320/219 322/757 335/364   
   SEEN-BY: 341/66 342/200 396/45 460/58 633/280 712/848 770/1 3 100   
   SEEN-BY: 770/330 340 772/210 220 230 5020/400 1042 5058/104 5075/35   
   PATH: 770/3 1 218/840 221/6 301/1 218/700 229/426   
      

[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]


(c) 1994,  bbs@darkrealms.ca