automated, security

DHCP, inverted commas and ssh with RSA

There is a server I manage (called alex) which does not have a fixed IP. As you know, I have a shell at the best Unix server out there (by the way, it is almost free). The problem is to keep an up-to-date record of the first server's IP address. I do it as follows (and yes, I know timtowtdi).

What I did was:

  1. Create an RSA public/private key pair at alex:
    alex $ ssh-keygen -N'' -f 'id_alex' -t rsa

    which creates the files id_alex and id_alex.pub.

  2. Create a cron job for my account at alex which looks like
    5,10,15,20,25,30,35,40,45,50,55,0 * * * * /usr/bin/ssh -i /home/pera/.ssh/id_alex pfortuny@sdf-eu.org

    (a single line, since crontab has no backslash continuation; the private key is the one created in step 1).
  3. Copy the file at sdf:
    alex $ scp id_alex.pub pfortuny@sdf-eu.org:.ssh/id_alex.pub
    
  4. At sdf, concatenate the public key at the end of ~/.ssh/authorized_keys:
    sdf $ cd ~/.ssh
    sdf $ cat id_alex.pub >> authorized_keys
    
  5. Edit the authorized_keys file so that the line corresponding to id_alex says:
    command="/bin/echo $SSH_CLIENT | cut -f1 -d' ' > /arpa/p/pfortuny/alex.IP",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAB3....

    (all on one line; the key material is abbreviated). All the options are required to get as restricted a connection as possible: with that key, the client can only run the given command, and cannot get a terminal or forward ports, the agent or X11.

The above steps make alex able to log in automatically to sdf-eu.org with my username and do just one thing: echo the $SSH_CLIENT variable into the file alex.IP, stored in my home directory. sshd sets that variable to the address of the connecting ssh client followed by the client and server ports, and the cut -f1 keeps only the address: in this specific case, alex's IP.

Thus, I get an update of the IP every 5 minutes (which may be overkill, but I really need to be sure I can connect to alex at almost any time).
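The forced command in step 5 can be made a little more careful, as in this added example (not code from the original post): the key's command= option points at a small script (the path /arpa/p/pfortuny/bin/record-client-ip.sh and the script name are assumptions, the other options on the line stay as they are), which refuses anything that does not look like an address and replaces alex.IP atomically, so a concurrent `cat alex.IP` never reads a half-written value.

```shell
#!/bin/sh
# record-client-ip.sh (hypothetical name): a stricter replacement for the
# inline forced command.  sshd sets SSH_CLIENT to "address client_port
# server_port"; this keeps the address only if it is well formed and
# replaces the target file atomically.

# Constructed sample of what sshd puts in SSH_CLIENT (documentation address).
SAMPLE_SSH_CLIENT='203.0.113.7 51234 22'

# Succeeds if $1 looks like a dotted-quad IPv4 address or an IPv6 address
# (hex digits, colons, dots, at least one colon).  Anything else is refused.
valid_address() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$|^[0-9A-Fa-f.]*:[0-9A-Fa-f:.]*$'
}

# record_client_ip SSH_CLIENT_VALUE TARGET_FILE
# Returns 0 after writing the address to TARGET_FILE, 1 if the input is
# missing or malformed; in that case the file is left exactly as it was.
record_client_ip() {
    client="$1"
    target="$2"
    [ -n "$client" ] || return 1
    addr="${client%% *}"          # first field, like `cut -f1 -d' '`
    valid_address "$addr" || return 1
    tmp="$target.tmp.$$"
    printf '%s\n' "$addr" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$target"           # rename is atomic within one filesystem
}

# When invoked by sshd as the forced command, record the real client.
# The argument lets the authorized_keys line choose the file; it defaults
# to alex.IP in the home directory, as in the post.
case "$0" in
    */record-client-ip.sh|record-client-ip.sh)
        record_client_ip "${SSH_CLIENT:-}" "${1:-$HOME/alex.IP}" ;;
esac
```

The authorized_keys line then reads command="/arpa/p/pfortuny/bin/record-client-ip.sh" followed by the same no-port-forwarding, no-agent-forwarding, no-X11-forwarding and no-pty options and the key.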

And here come the inverted commas. Whenever I want to log in to alex, I ssh to sdf and connect from there:

 sdf $ ssh myself@`cat alex.IP`

the command inside the inverted commas (the backquotes) is replaced by its output, which is alex's current IP.

Hope this helps.

Improvements are welcome.
