Update key_setup.sh - adding comments from Randy's demo

key_setup.sh

@@ -3,14 +3,25 @@
 PORT=22003
 MACHINE=paffenroth-23.dyn.wpi.edu
 
+# Clean up from previous runs
+# ssh-keygen -f "/home/rcpaffenroth/.ssh/known_hosts" -R "[${MACHINE}]:${PORT}
+
+
+
 # login using student-admin key
-ssh -i student_admin -p {PORT} student-admin@{MACHINE}
+ssh -i student_admin -p ${PORT} student-admin@${MACHINE}
+
+#copy the key to the tmp directory 
+
+
+
+#possibly have to rm known_hosts in ssh at some point to prevent an error
 
 # move directories
-cd .ssh
+#cd .ssh
 
 # open the authorized_keys file
-nano authorized_keys
+less authorized_keys
 
 # add our key to the authorized_keys file
 cat my_key2.pub > authorized_keys
@@ -23,3 +34,70 @@ ls -l authorized_keys
 cat authorized_keys
 
 #WANT TO PUT A CHECK ON THE PERMISSIONS
+
+
+
+
+
+
+
+#NOTES FROM RANDY'S DEMO: 
+
+<<comment1 (this starts a block comment)
+this block removes the old key (known-hosts) from the old machine
+also it's called item potency and he thinks this should go at the botom (how this works without wiping the vm so we can't login I don't know)
+ssh-keygen -f "/home/rcpaffenroth/.ssh/known_hosts" -R "[paffenroth-23.dyn.wpi.edu]:21003"
+rm -rf tmp
+
+
+constructing an authorized keys file locally and then checking it before copying it over
+cat > says take this and erase it if it exists and then create it and add the file
+cat >> says don't erase it just append this thing to it
+the >> is for testing so that the other key will be in there and you don't brick your machine, but for the actual thing you want to use >
+
+randy says we should put a pause in this, but I don't know how we check it if not just visually? and this is supposed to be automated?
+he says put a "do you mean this you crazy person?"
+echo "checking that the authorized_keys file is correct"
+ls -l authorized_keys
+cat authorized_keys
+
+this line copies the authorized_keys file
+he says it is not item potent and can't be rerun again?
+scp -i student-admin_key -P ${PORT} -o StrictHostKeyChecking=no authorized_keys student-admin@${MACHINE}:~/.ssh/
+
+ohhhhh so this block makes it so that you don't have to type the password for the key more than once 
+you type it once and it adds the key to a database, that's why we're adding the private key
+# Add the key to the ssh-agent
+eval "$(ssh-agent -s)"
+ssh-add mykey
+
+he says this is dumb because it only checks it if it's right
+# Check the key file on the server
+echo "checking that the authorized_keys file is correct"
+ssh -p ${PORT} -o StrictHostKeyChecking=no student-admin@${MACHINE} "cat ~/.ssh/authorized_keys"
+
+Remaining Questions: 
+1. Why does he bother copying over the student-admin key to the new directory and changing the permissions? 
+2. How does the password thing really work here? Same thing with the pause - 
+  if it's supposed to be completely automated where if the server goes down at 2 am we can get it back up, 
+  then doesn't this require human intervention to type in the password or approve the authorized_keys? 
+3. If we put the cleanup line at the end, it must just delete known_users, which is fine because we already know it works with that deleted? 
+
+
+
+comment1 (this ends the block comment)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+