Re: ssh-keygen & other things

[Timothy Sven Nelson]

On Mon, 13 Sep 2004, "Sami J. Mäkinen" wrote:

> Thomas Glanzmann wrote:
> > > I want to run ssh-keygen if /root/.ssh/id_dsa.pub doesn't exist.
>
> > use the startup scripts of your distributor, if they don't support that,
> > fix them.
>
> Often, it might be a bad idea to tamper with init scripts
> provided by your distributor/vendor. Your fixed script might be
> overwritten with a update, for example. It is always a good idea
> to make a copy of your own, like this on a red hat system:
>
> cd /etc/init.d
> cp sshd sshd.my
> vi sshd.my
> chkconfig --del sshd
> chkconfig --add sshd.my
>
> (this example was stupid because there is really nothing
> wrong with sshd init script provided by red hat)

	What if you modify them with editfiles?  And, at least on Redhat, 
if you keep the output from your RPM update, it will usually tell you 
something like "/etc/init.d/sshd installed as /etc/init.d/sshd.rpmnew".

> ....or run a shellcommand from cfengine to achieve this, like
>
> "/bin/sh -c '[ -f /root/.ssh/id_dsa.pub ] || ssh-keygen blaa blaa'"
>
> Even though cfengine is good and ver useful, you should still remember
> that simple sh onliners are often the most straightforward
> and readable way to do certain things.

	Ok :).  When i wrote this, I was thinking that one of Mark's 
purposes in writing cfengine was to eliminate the large number of if 
statements found in shell scripts, so I thought that there might be some 
other way of doing this.

--
Tim Nelson
Server Administrator
WebAlive Technologies Global
Level 1 Innovation Building, Digital Harbour
1010 LaTrobe Street
Docklands, Melbourne, 
Vic, 3008
Phone: +61 3 9934 0812
Fax: +61 3 9934 0899
E-mail: tim.nelson@webalive.biz
http://www.webalive.biz/