RE: [SLE] Script doing tons of scp jobs.
-----Original Message-----
From: pelibali [mailto:pelibali@freemail.hu]
Sent: Tuesday, November 01, 2005 4:38 PM
To: SUSE e-list
Subject: [SLE] Script doing tons of scp jobs.
Hi,

I have a working, but extremely user-annoying bash-script, consisting of 20-25 scp lines combined with a few "ssh hostname 'command'" -type commands. Is there please an easier way to achieve the above scp/ssh jobs without being asked for the password several (=many) times?

I wouldn't like to change ssh's default behaviour for asking password(s), even for root; but started to be very annoyed by my own idea to make such a script to "accelerate" my todos. Please help:)
Thanks, Pelibali
Key Exchange authentication is probably what you're looking for. Basically, it allows a user on serverA to be trusted to authenticate as a certain user on serverB.

The steps, briefly:

1) serverA: `ssh-keygen -t dsa` and hit enter a couple of times to save the key, with the default file names and etc, to ~/.ssh/
2) serverA: `scp ~/.ssh/id_dsa.pub destinationuser@serverB:`
3) serverB: `cat ~/id_dsa.pub >> .ssh/authorized_keys2`
4) serverA: `ssh destinationuser@serverB` and watch the connection happen without requesting a password.

Key Exchange is good, wonderful, and secure _assuming_ that you have good physical security on your machines. That's a very, very key point. Don't share a key from your laptop, say, to a server that's accessible to the outside world on port 22.
Hi,

On Tue, 1 Nov 2005 16:44:52 -0500 "Marlier, Ian" <.> wrote:

> Key Exchange authentication is probably what you're looking for. Basically, it allows a user on serverA to be trusted to authenticate as a certain user on serverB.
>
> The steps, briefly:
>
> 1) serverA: `ssh-keygen -t dsa` and hit enter a couple of times to save the key, with the default file names and etc, to ~/.ssh/
> 2) serverA: `scp ~/.ssh/id_dsa.pub destinationuser@serverB:`
> 3) serverB: `cat ~/id_dsa.pub >> .ssh/authorized_keys2`
> 4) serverA: `ssh destinationuser@serverB` and watch the connection happen without requesting a password.

Thanks a lot for the info; your answer not only solved my scp-related problems, but the easily understandable language let me (and also probably others) _learn_. For this latter special thanks:)

Now just a few short additional questions please:

1) What would happen, if I define a pass-phrase? Would that be the 'password', which would allow me to log in instead of the user's password?

2) I have now

   Comp-A
     ~/.ssh/id_dsa
     ~/.ssh/id_dsa.pub
   Comp-B
     (~/id_dsa.pub) -> guessing that this is now removable.
     ~/.ssh/authorized_keys2

   I guess in the future I will need all of the above three files in order to have communication between these machines in _one_ direction, by a single user. Right?

3) I have all of my ssh_config and sshd_config-s modified, that exclusively ssh2 should be used, so do I still need the 2 at the end of the above filename? Or was that please just a typo? In fact both ways (authorized_keys and authorized_keys2) work, that's why I'm asking.

Thanks,
Pelibali
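
Added example, not part of the thread or written by its participants: a read-only audit of the Comp-B files named above, relevant to the observation in question 3 that both file names work. It assumes OpenSSH's stock `AuthorizedKeysFile` default, which lists both `.ssh/authorized_keys` and `.ssh/authorized_keys2`; the function name `audit_ssh_dir` and the finding labels are made up for illustration.

```shell
#!/bin/sh
# audit_ssh_dir DIR: print one finding per line for the server-side files
# discussed in the thread. DIR stands in for ~/.ssh on Comp-B.
audit_ssh_dir() {
    dir=$1
    # With StrictModes (on by default) sshd ignores keys when the directory
    # or the key file is writable by group or others.
    for p in "$dir" "$dir/authorized_keys" "$dir/authorized_keys2"; do
        [ -e "$p" ] || continue
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
            echo "PERM $p is group- or world-writable"
        fi
    done
    # Assumption: stock AuthorizedKeysFile default, so keys left in the
    # legacy authorized_keys2 file keep granting access.
    if [ -s "$dir/authorized_keys2" ]; then
        echo "LEGACY $dir/authorized_keys2 still holds keys"
    fi
    for f in "$dir/authorized_keys" "$dir/authorized_keys2"; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
            {
                # The key type is the first field, or a later one when the
                # line starts with options such as from="..." or command=.
                type = ""; comment = "(no comment)"
                for (i = 1; i <= NF; i++)
                    if ($i ~ /^(ssh-|ecdsa-|sk-)/) { type = $i; break }
                if (type != "" && i + 2 <= NF) comment = $(i + 2)
                # ssh-dss keys are disabled by default since OpenSSH 7.0.
                if (type == "ssh-dss")
                    printf "DSA %s:%d %s\n", file, NR, comment
                else if (type == "")
                    printf "UNPARSED %s:%d\n", file, NR
            }' "$f"
    done
}
```

Run it as `audit_ssh_dir ~/.ssh` on Comp-B; it only reads the files and changes nothing.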