
Mailing List Archive
Re: [tlug] Making my LAN a passwordless zone
Doug McLean writes:
> > But this setup is still not entirely automated, so if you need
> > something totally automated,
The use cases for this are pretty special, though, such as an
ssh-tunnel-based virtual network, and automated remote backup. Many
of these are superseded by modern facilities such as secure VLANs and
TLS-based utilities.
> > then provide a means to escalate privileges to the system
> > account.
Note, if the phrase "system account" scares you, it should. This
isn't the same as a system account in the sense of root, but it's
still something that you have deliberately set loose in your system
without direct supervision.
> Almost forgot to suggest. When you do set up your keys, scripts and so
> on, it's a good idea to use a minimalist ssh command to prevent abuse
> by other folks.
>
> Something like:
>
> ssh -2 -x (destination)
More important than this is configuring your authorized_keys file. If
you have an extremely frequent use case such as starting a music
player, you can do this in authorized_keys:
command="xmms -d uwakimon.sk.tsukuba.ac.jp:0" 1024 33 132535098597064883031281659724111764074533382230522119025232071648997880992531101913077891677830029596265225964527678581488317896453575781623447369895564021874225084996576250831863078642948926857424266557781091385087290229317268885059223675496524976648856946312638343091840880784873056990092800509247441054977 steve@example.com
which will allow me to control your music from my host in Tsukuba with
the simple command
ssh -i ~/.ssh/tanko host.your.dom.ain
so don't copy that verbatim, or you'll find yourself listening to a
ghastly mix of John Mellencamp and Pizzicato Five. ;-)
> Doug "Remembering to write below the quote ;)" McLean
In this case, you could have just omitted the quote.
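
An added example, not part of the original message: a small auditor for authorized_keys that checks each key for the command= restriction discussed above, plus the OpenSSH options that keep such a key from being used for forwarding or a terminal (command= alone does not disable those). The function names and the sample file are constructed for illustration, and the key material is placeholder text.

```python
import re
# Restrictions a forced-command key also needs; "restrict" implies all four.
LOCKDOWN = {"no-port-forwarding", "no-agent-forwarding", "no-x11-forwarding", "no-pty"}
# A line with no options field starts with an SSH2 key type or SSH1 "bits e n".
KEY_START = re.compile(r"^(ssh-|ecdsa-|sk-|\d+\s+\d+\s+\d+)")

SAMPLE = '''\
# constructed sample; key material is placeholder text
command="xmms -d display.example:0" 1024 33 123456789 steve@example.com
restrict,from="192.0.2.10",command="/usr/local/bin/backup \\"nightly\\"" ssh-ed25519 AAAAPLACEHOLDER backup@example.com
ssh-rsa AAAAPLACEHOLDER admin@example.com
'''

def split_options(line):
    """Return (options dict, remainder), honouring quotes and \\" escapes."""
    if KEY_START.match(line):
        return {}, line
    opts, buf, in_quote, i = {}, "", False, 0
    while i < len(line):
        ch = line[i]
        if in_quote and line.startswith('\\"', i):
            buf, i = buf + '"', i + 2      # escaped quote inside a value
            continue
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and ch in ", \t":
            name, _, value = buf.partition("=")
            opts[name.lower()] = value     # option names are case-insensitive
            buf = ""
            if ch != ",":                  # whitespace ends the options field
                return opts, line[i:].strip()
        else:
            buf += ch
        i += 1
    raise ValueError("options field is not followed by a key")

def audit(text):
    """Return [(line number, last field (usually the comment), findings)]."""
    report = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        findings = [] if "command" in opts else ["no forced command: key grants a full shell"]
        if "restrict" not in opts:
            findings += sorted(f"missing {o}" for o in LOCKDOWN - set(opts))
        if "from" not in opts:
            findings.append("no from= source restriction")
        report.append((n, rest.split()[-1], findings))
    return report
```

Calling audit(SAMPLE) reports the xmms-style key as having a forced command but none of the forwarding or pty restrictions, the backup key as clean, and the bare ssh-rsa key as unrestricted.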