[paramiko] automated public key auth as another user

Todd Whiteman toddw at activestate.com
Fri Sep 28 10:26:20 PDT 2007


Powell, Joe wrote:
> Todd,
> 
> Thank you for responding. Please pardon me if I am being dense. How do I
> create a "specified user's key" (as you state below) without creating
> that user? Here is my scenario:
> 
> A. I am user "Joe".
> B. I want to log in to box 10.1.1.100 as user "Bob" without having to
> create a user named "Bob" on my box.
> C. I append Joe's public key ~/.ssh/id_rsa.pub to
> /home/Bob/.ssh/authorized_keys on 10.1.1.111. (I log in to 10.1.1.111
> without a password as Joe.) 
> D. In my paramiko script, I am unable to log in to 10.1.1.111 as Bob
> using Joe's private key file, i.e.
> auth_publickey('Bob','/home/Joe/.ssh/id_rsa').
> 
> The best I can do is:
> A. Create user Bob and a key for it on my box.
> B. Copy the key to Joe's .ssh directory as something like 'Bobs_id_rsa'.
> C. Append Bob's public key /home/Bob/.ssh/id_rsa.pub on my box to
> /home/Bob/.ssh/authorized_keys on 10.1.1.111.
> C. Specify Bob's private key, e.g. /home/Joe/.ssh/Bobs_id_rsa, in the
> script. This works but it means I have to create Bob.
> 
> Please help me see what I am missing. 
> 
> Regards,
> Joe 
> 

Hi Joe,

You may want to read up on how the public/private key system works in 
SSH (there are a lot of pages out there covering this):
   http://the.earth.li/~sgtatham/putty/0.55/htmldoc/Chapter8.html
   http://sourceforge.net/docman/display_doc.php?docid=761&group_id=1

As user Joe, you should be able to set up passwordless connections 
without having to add a Bob user to Joe's machine. I'd try to get this 
working outside of Paramiko first; simple steps are:
   http://lists.debian.org/debian-user/2007/01/msg00339.html

  1. Generate Joe's public/private key "joe_key" and "joe_key.pub"
  2. Add Joe's public key to Bob's "authorized_keys" file.
Now, when you want to log in from Joe to Bob:
  3. Joe adds *his* key file to the agent "ssh-add joe_key"
  4. ssh bob@10.1.1.100

Are you able to get the above setup working?

Cheers,
Todd
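
The following is an added example, not part of the original message or of Paramiko itself. It checks that Joe's public key really is in Bob's authorized_keys (step 2) and then logs in as the remote account with Joe's private key. The helper names and the sample key are constructed for illustration; the host, user and key path are the ones from the thread.

```python
import base64, hashlib, struct

def key_blob(line):
    """Decoded key blob from a .pub or authorized_keys line, else None."""
    tokens = line.split()
    for ktype, b64 in zip(tokens, tokens[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:              # options, comments, '#' lines
            continue
        # A key blob opens with a length-prefixed copy of its key type.
        if len(blob) > 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == ktype.encode():
                return blob
    return None

def fingerprint(blob):
    """Fingerprint in the SHA256:... form that `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def is_authorized(pub_line, authorized_keys_text):
    """True if the key in pub_line appears in the authorized_keys text.
    Options and comments are ignored; only the key blob is compared."""
    want = key_blob(pub_line)
    return want is not None and any(
        key_blob(l) == want for l in authorized_keys_text.splitlines())

def login_as(host, remote_user, key_file):
    """Log in as remote_user with a key that belongs to the local user."""
    import paramiko                     # imported here so the checks above run without it
    client = paramiko.SSHClient()
    client.load_system_host_keys()      # verify the server against known_hosts
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    # username is the *remote* account; key_filename is a path.
    # Transport.auth_publickey() instead needs a loaded PKey object.
    client.connect(host, username=remote_user, key_filename=key_file,
                   allow_agent=False, look_for_keys=False)
    return client

def sample_pub(raw32, comment):
    """Constructed ssh-ed25519 public key line (sample bytes, not a real key)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

if __name__ == "__main__":
    joe_pub = sample_pub(bytes(range(32)), "Joe@workstation")
    bobs_keys = "# constructed file\nno-pty " + sample_pub(bytes(range(32)), "for Joe")
    print(is_authorized(joe_pub, bobs_keys), fingerprint(key_blob(joe_pub)))
    # login_as("10.1.1.100", "Bob", "/home/Joe/.ssh/id_rsa")  # needs a live server
```

The server identifies the key by its blob, so the comment field and the local username that generated it play no part in the match.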


