Originally Posted by adnanm
I want to make a crontab that connects via ssh to a host with login and password that I desire, could you please help ?
There are two ways to do what you want. One involves a stored password, and one does not. Both are non-interactive, meaning that they can work when you're not there to enter a password.
The way that does not require a password. You can use public/private key authentication instead of passwords with SSH. I'm going to assume that you're using OpenSSH, which comes with practically every Linux distribution that there is.
- Configure your SSH server to accept private key logins. In /etc/ssh/sshd_config make sure that there's a line that says PubkeyAuthentication yes (and that there is no # infront of it). If you change this file, you need to restart the sshd service. If you're not sure, stop and ask somebody here before you break it.
- On your local machine (not the server), create yourself a pair of keys with ssh-keygen -t rsa (you can use other options than rsa, but I'm keeping it simple). Do not specify a password. Save the keys in the locations prompted.
- Open the contents of the id_rsa.pub file that you just created (it's one very long line of text), and copy the contents into the end of the file $HOME/.ssh/authorized_keys on the server machine. Create the file if it doesn't exist.
Now you should be able to ssh firstname.lastname@example.org
without a password. If that works, you can use it in scripts, etc. Because you have a private key with no password to protect it, it's important that you make sure that nobody gets their grubby hands on your id_rsa file. They can have the id_rsa.pub file (it's public, you see) but the other one's your precious.
If you think somebody has a copy of your id_rsa file, you can delete the line that you added to authorized_keys on the server, to disable that key.
(Daniel Robbins at ibm.com)
If you thought that was complicated, you wait till you've tried to get this one working. The basic idea is to use expect
, which is an administration automation tool, to type your password in to ssh when prompted. It might not always work, and when it doesn't, it's hard to figure out why not. I recommend the first method.
Anyway, here's a command that you can poke at until it does what you want:
expect -c 'spawn ssh email@example.com ; expect assword ; send "passphrase\n" ; interact'
Expect might not be installed on your system. That's the first hurdle, although most distributions have it easily available. You need to modify firstname.lastname@example.org
to your remote username and hostname. You need ot make sure that ssh prompts for a password using the letters "assword"; if not, that needs changing to something that does appear. You need to change "passphrase" to whatever the password is.
Problem here is doing the scripting. You can either have expect type in further commands, or you can list them as a parameter to ssh in that spawn command (just before the semicolon ; ). It might never work properly for you; again, I recommend the first method.
(various at nist.gov)
If you have any trouble, always ask. Losing the ssh server on a computer that's far away due to a typo is really, really annoying. Do back up any files you modify, preferably before you modify them.