On Monday 11 March 2002 10:04 pm, Steven Augart wrote:
Kevin Donnelly wrote:
I want to have a script shift some files from one part of a webserver to another, and it therefore needs to use ssh. I usually login using: ssh -l <username> and then give the password. I assume it's not possible to do this in the script, so I tried using ssh-keygen to generate a public/private keypair. I then uploaded $HOME/.ssh/identity.pub to $HOME/.ssh/authorized_keys on the webserver. I was under the impression that this would allow login without asking for the password (from the manpage: "After this, the user can log in without giving the password."). But in fact I am still asked for the passphrase. Is this because the user I am locally is different from the user I am on the webserver? Have I missed something out? TIA
Kevin
I just attempted what I think you tried manually and it worked fine for me. Are you also unable to do this manually?
No, I did this as above, manually, and got asked for the password.
I assume needless to say, you saved the new keypair as ~/.ssh/identity on the account you're testing from? (ssh -i ~/.ssh/<insecure-private-key-file> also works).
Yes.
Are you ever able to log in without typing the account's password to the target host? (i.e., has ssh-agent ever enabled you to log in there without retyping the password each time you log in?)
Yes, I am always asked, but this may be because ssh-agent is not available or not running or not set up on the webserver. I didn't know about ssh-agent before, so Togan and you have given me more to think about! I am reading the man pages at the moment, in between deep gulps of breath!
Make sure that the permissions on the target's authorized_keys and identity file are 600 or 400, and that the permissions on the target's .ssh are 700. Those should take care of the most paranoid /etc/ssh/sshd_config.
This is very useful - thanks. I will try this, and some ssh-agent experiments.
If you can read /etc/ssh/sshd_config on the target machine, it may be helpful.
The site is on a virtual host, and this file isn't available.

In the meantime, I've got the problem that the ssh login keeps kindly presenting me with a shell prompt, so of course the rest of the script doesn't execute. What's the best way of getting the script to ignore it and go on to run a shell command directly? I've tried sending the login to /dev/null, using && for the next command, putting login and command in brackets, separated by semi-colon, and a few other things in David Tansley's Linux and Unix Shell Programming book, but no luck.

Thanks
Kevin
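
An added example, not part of the original messages: a POSIX shell audit of the modes recommended in the thread (.ssh at 700, authorized_keys and identity at 600 or 400), plus a wrapper that hands ssh a command so no interactive shell is started. The function names and the user, host and command arguments are hypothetical; BatchMode is a standard OpenSSH client option.

```shell
#!/bin/sh
# Added example: check and repair the .ssh modes discussed in the thread.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_ssh_perms DIR
# Prints one line per problem; the exit status is the number of problems.
check_ssh_perms() {
    dir=$1
    problems=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    m=$(mode_of "$dir")
    if [ "$m" != 700 ]; then
        echo "BAD $dir mode $m (want 700)"
        problems=$((problems + 1))
    fi
    for f in authorized_keys identity; do
        [ -e "$dir/$f" ] || continue
        m=$(mode_of "$dir/$f")
        case $m in
            600|400) ;;
            *) echo "BAD $dir/$f mode $m (want 600 or 400)"
               problems=$((problems + 1)) ;;
        esac
    done
    return "$problems"
}

# fix_ssh_perms DIR: apply 700 to DIR and 600 to the key files that exist.
fix_ssh_perms() {
    chmod 700 "$1" || return 1
    for f in authorized_keys identity; do
        if [ -e "$1/$f" ]; then chmod 600 "$1/$f" || return 1; fi
    done
    return 0
}

# remote_run USER HOST COMMAND (hypothetical arguments)
# A command given after the host runs in place of the login shell.
# BatchMode=yes makes ssh fail instead of prompting when key login is refused.
remote_run() {
    ssh -o BatchMode=yes -l "$1" "$2" "$3"
}
```

Run check_ssh_perms on the account's .ssh directory at both ends; a non-zero status from remote_run in a script means the key was not accepted, where a plain ssh call would have stopped at a password prompt.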