<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Agent Functionality using SSH — Bcfg2 1.3.0 documentation</title> <link rel="stylesheet" href="../_static/default.css" type="text/css" /> <link rel="stylesheet" href="../_static/pygments.css" type="text/css" /> <script type="text/javascript"> var DOCUMENTATION_OPTIONS = { URL_ROOT: '../', VERSION: '1.3.0', COLLAPSE_INDEX: false, FILE_SUFFIX: '.html', HAS_SOURCE: true }; </script> <script type="text/javascript" src="../_static/jquery.js"></script> <script type="text/javascript" src="../_static/underscore.js"></script> <script type="text/javascript" src="../_static/doctools.js"></script> <script type="text/javascript" src="../_static/sidebar.js"></script> <link rel="shortcut icon" href="../_static/favicon.ico"/> <link rel="top" title="Bcfg2 1.3.0 documentation" href="../index.html" /> <link rel="up" title="The Bcfg2 Client" href="index.html" /> <link rel="next" title="Client Debugging" href="debugging.html" /> <link rel="prev" title="Client Metadata" href="metadata.html" /> <link rel="stylesheet" href="../_static/bcfg2.css" type=""/> </head> <body> <div style="text-align: left; padding: 10px 10px 15px 15px"> <a href="../index.html"><img src="../_static/bcfg2_logo.png" border="0" alt="sampledoc"/></a> </div> <div class="related"> <h3>Navigation</h3> <ul> <li class="right" style="margin-right: 10px"> <a href="../genindex.html" title="General Index" accesskey="I">index</a></li> <li class="right" > <a href="../py-modindex.html" title="Python Module Index" >modules</a> |</li> <li class="right" > <a href="debugging.html" title="Client Debugging" accesskey="N">next</a> |</li> <li class="right" > <a href="metadata.html" title="Client Metadata" accesskey="P">previous</a> |</li> <li><a href="../index.html">home</a> | </li> 
<!--<li><a href="../search.html">search</a> | </li>--> <li><a href="../help/index.html">help</a> | </li> <li><a href="../contents.html">documentation </a> »</li> <li><a href="../contents.html" >Bcfg2 documentation 1.3.0</a> »</li> <li><a href="index.html" accesskey="U">The Bcfg2 Client</a> »</li> </ul> </div>
<div class="document"> <div class="documentwrapper"> <div class="bodywrapper"> <div class="body">
<div class="section" id="agent-functionality-using-ssh"> <span id="client-agent"></span><h1>Agent Functionality using SSH</h1>
<p>The Bcfg2 agent code provides the ability to trigger a client update from the server using a secure mechanism that is restricted to running the Bcfg2 client with the options the agent was started with. This same capability is provided by SSH keypairs, if properly configured. Setup is pretty easy:</p>
<ol class="arabic">
<li><p class="first">Create an SSH keypair that is to be used solely for triggering Bcfg2 client runs. This key may or may not have a passphrase associated with it; a passphrase will make things more secure, but will require a person to enter it, so the key will not be usable automatically:</p>
<div class="highlight-python"><pre>$ ssh-keygen -t dsa -b 1024 -f /path/to/key -N ""
Generating public/private dsa key pair.
Your identification has been saved in /path/to/key.
Your public key has been saved in /path/to/key.pub.
The key fingerprint is:
aa:25:9b:a7:10:60:f3:eb:2b:ae:4b:1a:42:1b:63:5d desai@ubik</pre> </div> </li>
<li><p class="first">Add this public key to root’s authorized_keys file, with several options prepended to it:</p>
<div class="highlight-python"><pre>command="/usr/sbin/bcfg2 -q &lt;other options&gt;",no-port-forwarding,no-X11-forwarding,no-pty,no-agent-forwarding,from="&lt;bcfg2-server ipaddr&gt;" &lt;pub key&gt;</pre> </div>
<p>This key is now only useful to call the Bcfg2 client, from the Bcfg2 server’s IP address. If PermitRootLogin is set to no in sshd_config, you will need to set it to forced-commands-only. Adding a &amp; to the end of the command will cause the command to return immediately.</p> </li>
<li><p class="first">Now, to cause a client to reconfigure, call:</p>
<div class="highlight-python"><pre>$ ssh -i /path/to/key root@client /usr/sbin/bcfg2</pre> </div>
<p>Note that you will not be able to alter the command line options from the ones specified in authorized_keys in any way. Also, the Bcfg2 invocation given in the ssh command does not need to match the one in authorized_keys.
The following will have the same result:</p>
<div class="highlight-python"><pre>$ ssh -i /path/to/key root@client /bin/true</pre> </div>
<p>If a passphrase was used to create the keypair, then it will need to be entered here.</p> </li> </ol>
<div class="section" id="see-also"> <h2>See Also</h2> <p><a class="reference external" href="http://blog.ganneff.de/blog/2007/12/29/ssh-triggers.html">SSH “triggers”</a> (from Ganneff’s Little Blog)</p> </div> </div> </div> </div> </div>
<div class="sphinxsidebar"> <div class="sphinxsidebarwrapper"> <h3><a href="../index.html">Table Of Contents</a></h3> <ul> <li><a class="reference internal" href="#">Agent Functionality using SSH</a><ul> <li><a class="reference internal" href="#see-also">See Also</a></li> </ul> </li> </ul> <h4>Previous topic</h4> <p class="topless"><a href="metadata.html" title="previous chapter">Client Metadata</a></p> <h4>Next topic</h4> <p class="topless"><a href="debugging.html" title="next chapter">Client Debugging</a></p> <h3>This Page</h3> <ul class="this-page-menu"> <li><a href="../_sources/client/agent.txt" rel="nofollow">Show Source</a></li> </ul> <div id="searchbox" style="display: none"> <h3>Quick search</h3> <form class="search" action="../search.html" method="get"> <input type="text" name="q" /> <input type="submit" value="Go" /> <input type="hidden" name="check_keywords" value="yes" /> <input type="hidden" name="area" value="default" /> </form> <p class="searchtip" style="font-size: 90%"> Enter search terms or a module, class or function name.
</p> </div> <script type="text/javascript">$('#searchbox').show(0);</script> </div> </div> <div class="clearer"></div> </div> <div class="footer"> © Copyright 2009-2013, Narayan Desai. Last updated on Mar 20, 2013. Created using <a href="http://sphinx.pocoo.org/">Sphinx</a> 1.1.3. </div> </body> </html>
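The authorized_keys restrictions from step 2 of the setup can be checked mechanically. The following is an added example, not part of the Bcfg2 documentation or code: it parses authorized_keys entries, including quoted option values that contain commas or spaces, and reports where an entry falls short of the locked-down form shown in step 2. The function names, the sample entries and the 192.0.2.10 address are assumptions made for illustration; it goes slightly beyond the page by accepting the OpenSSH restrict option in place of the four no-* options and by flagging ssh-dss keys, the type that ssh-keygen -t dsa produces.

```python
import re

# Step 2's restrictions, lower-cased because sshd ignores option-name case.
REQUIRED = ("no-port-forwarding", "no-x11-forwarding", "no-pty", "no-agent-forwarding")
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")

def parse_entry(line):
    """Return (options dict, key type) for one authorized_keys line."""
    line = line.strip()
    if KEY_TYPE.match(line):                  # entry has no option field
        return {}, line.split()[0]
    opts, buf, quoted, i = {}, "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and ch == "\\" and line[i + 1:i + 2] == '"':
            buf, i = buf + '"', i + 2         # \" is a literal quote in a value
            continue
        if ch == '"':
            quoted = not quoted
        elif ch in ", \t" and not quoted:     # unquoted separator ends an option
            name, _, value = buf.partition("=")
            opts[name.lower()] = value
            buf = ""
            if ch != ",":
                break                         # whitespace ends the option field
        else:
            buf += ch
        i += 1
    rest = line[i:].split()
    return opts, (rest[0] if rest else "")

def audit(line):
    """List the ways an entry falls short of the locked-down form in step 2."""
    opts, key_type = parse_entry(line)
    findings = []
    if not opts.get("command"):
        findings.append("no forced command")
    if not opts.get("from"):
        findings.append("no from= restriction")
    if "restrict" not in opts:                # restrict (OpenSSH 7.2+) covers all four
        findings += ["missing " + o for o in REQUIRED if o not in opts]
    if key_type == "ssh-dss":                 # the type that ssh-keygen -t dsa produces
        findings.append("ssh-dss key, disabled by default since OpenSSH 7.0")
    return findings

# Constructed sample entries; the address and key material are placeholders.
GOOD = ('command="/usr/sbin/bcfg2 -q",no-port-forwarding,no-X11-forwarding,no-pty,'
        'no-agent-forwarding,from="192.0.2.10" ssh-rsa AAAAB3PLACEHOLDER bcfg2-trigger')
LOOSE = 'command="/usr/sbin/bcfg2 -q",no-pty ssh-dss AAAAB3PLACEHOLDER bcfg2-trigger'
print(audit(GOOD), audit(LOOSE))
```

Running audit() over each non-comment line of root's authorized_keys on a client shows whether the trigger key is still confined to the Bcfg2 client and to the server's address.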