SSH¶

Extract public key from private key¶

ssh-keygen -y -f mykey.pem > mykey.pub

From man :

ssh-keygen -y [-f input_keyfile]
-y This option will read a private OpenSSH format file and print an OpenSSH public key to stdout.

Change or remove passphrase¶

ssh-keygen -p -f .ssh/id_rsa

To remove passphrase, simply put an empty password.

See key complexity¶

How do I get the RSA bit length with the pubkey and openSSL

Root rsync¶

/etc/ssh/sshd

PasswordAuthentication yes
PermitRootLogin prohibit-password

On the remote machine

In /root/.ssh/authorized_keys add :

command="/root/rsync.sh" in front of the root key pub

Add in /root/rsync.sh :

#!/bin/bash
if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
    if [[ "$SSH_ORIGINAL_COMMAND" =~ ^rsync\  ]]; then
        echo "`/bin/date`: $SSH_ORIGINAL_COMMAND" >> $HOME/ssh-command-log
        exec $SSH_ORIGINAL_COMMAND
    else
        echo "`/bin/date`: DENIED $SSH_ORIGINAL_COMMAND" >> $HOME/ssh-command-log
    fi
fi