On Monday 11 March 2002 10:04 pm, Steven Augart wrote:
Kevin Donnelly wrote:
I want to have a script shift some files from one part of a webserver to another, and it therefore needs to use ssh. I usually login using: ssh -l <username>
and then give the password. I assume it's not possible to do this in
script, so I tried using ssh-keygen to generate a public/private keypair. I then uploaded $HOME/.ssh/identity.pub to $HOME/.ssh/authorized_keys on the webserver. I was under the impression that this would allow login without asking for the password (from the manpage: "After this, the user can log in without giving the password."). But in fact I am still asked for the passphrase. Is this because the user I am locally is different from the user I am on the webserver? Have I missed something out?
TIA
Kevin
I just attempted what I think you tried manually and it worked fine for me. Are you also unable to do this manually?
No, I did this as above, manually, and got asked for the password.
I assume needless to say, you saved the new keypair as ~/.ssh/identity on the account you're testing from? (ssh -i ~/.ssh/<insecure-private-key-file> also works).
Yes.
Are you ever able to log in without typing the account's password to the target host? (i.e., has ssh-agent ever enabled you to log in there without retyping the password each time you log in?)
Yes, I am always asked, but this may be because ssh-agent is not available or not running or not set up on the webserver. I didn't know about ssh-agent before, so Togan and you have given me more to think about! I am reading
You might take a look at:
http://www-106.ibm.com/developerworks/library/l-keyc.html
about openSSH key management. This is part 1 of 3. Interesting stuff.
Greetz,
Gert Caers aka zonderH
----- Original Message -----
From: "Kevin Donnelly"
man pages at the moment, in between deep gulps of breath!
Make sure that the permissions on the target's authorized_keys and identity file are 600 or 400,and that the permissions on the target's .ssh are 700. Those should take care of the most paranoid /etc/ssh/sshd_config.
This is very useful - thanks. I will try this, and some ssh-agent experiments.
If you can read /etc/ssh/sshd_config on the target machine, it may be helpful.
The site is on a virtual host, and this file isn't available.
In the meantime, I've got the problem that the ssh login keeps kindly presenting me with a shell prompt, so of course the rest of the script doesn't execute. What's the best way of getting the script to ignore it and go on to run a shell command directly?
I've tried sending the login to /dev/null, using && for the next command, putting login and command in brackets, separated by semi-colon, and a few other things in David Tansley's Linux and Unix Shell Programming book, but no luck.
Thanks
Kevin
-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com