LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 03-01-2007, 03:49 PM   #1
adnanm
Member
 
Registered: Dec 2004
Location: Bosnia and Herzegowina
Distribution: Centos, FreeBSD
Posts: 49

Rep: Reputation: 15
ssh with password


Hi,

I want to make a crontab that connects via ssh to a host with login and password that I desire, could you please help ?

Thank you in advance,
Adnan
 
Click here to see the post LQ members have rated as the most helpful post in this thread.
Old 03-01-2007, 04:04 PM   #2
Brian1
Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 61
This should help. It is best to setup passphrases and then add to ssh-agent. Once setup then you login with username and passphrase is automatically sent from the ssh-agent tool.

Brian
 
Old 03-01-2007, 04:52 PM   #3
Brianetta
LQ Newbie
 
Registered: Mar 2007
Location: Newcastle upon Tyne, UK
Distribution: Trustix, Fedora, Ubuntu
Posts: 16

Rep: Reputation: 3
Quote:
Originally Posted by adnanm
I want to make a crontab that connects via ssh to a host with login and password that I desire, could you please help ?
Adnan,

There are two ways to do what you want. One involves a stored password, and one does not. Both are non-interactive, meaning that they can work when you're not there to enter a password.

First Method
The way that does not require a password. You can use public/private key authentication instead of passwords with SSH. I'm going to assume that you're using OpenSSH, which comes with practically every Linux distribution that there is.
  1. Configure your SSH server to accept private key logins. In /etc/ssh/sshd_config make sure that there's a line that says PubkeyAuthentication yes (and that there is no # infront of it). If you change this file, you need to restart the sshd service. If you're not sure, stop and ask somebody here before you break it.
  2. On your local machine (not the server), create yourself a pair of keys with ssh-keygen -t rsa (you can use other options than rsa, but I'm keeping it simple). Do not specify a password. Save the keys in the locations prompted.
  3. Open the contents of the id_rsa.pub file that you just created (it's one very long line of text), and copy the contents into the end of the file $HOME/.ssh/authorized_keys on the server machine. Create the file if it doesn't exist.
Now you should be able to ssh user@remote.host without a password. If that works, you can use it in scripts, etc. Because you have a private key with no password to protect it, it's important that you make sure that nobody gets their grubby hands on your id_rsa file. They can have the id_rsa.pub file (it's public, you see) but the other one's your precious.

If you think somebody has a copy of your id_rsa file, you can delete the line that you added to authorized_keys on the server, to disable that key.

FURTHER READING (Daniel Robbins at ibm.com)

Second method
If you thought that was complicated, you wait till you've tried to get this one working. The basic idea is to use expect, which is an administration automation tool, to type your password in to ssh when prompted. It might not always work, and when it doesn't, it's hard to figure out why not. I recommend the first method.

Anyway, here's a command that you can poke at until it does what you want:
Code:
expect -c 'spawn ssh user@remote.host ; expect assword ; send "passphrase\n" ; interact'
Expect might not be installed on your system. That's the first hurdle, although most distributions have it easily available. You need to modify user@remote.host to your remote username and hostname. You need ot make sure that ssh prompts for a password using the letters "assword"; if not, that needs changing to something that does appear. You need to change "passphrase" to whatever the password is.

Problem here is doing the scripting. You can either have expect type in further commands, or you can list them as a parameter to ssh in that spawn command (just before the semicolon ; ). It might never work properly for you; again, I recommend the first method.

FURTHER READING (various at nist.gov)

If you have any trouble, always ask. Losing the ssh server on a computer that's far away due to a typo is really, really annoying. Do back up any files you modify, preferably before you modify them.
 
3 members found this post helpful.
Old 10-29-2007, 02:38 AM   #4
avijitp
Member
 
Registered: May 2005
Location: India
Distribution: FC11, Debian/Ubuntu, RHEL, Solaris, AIX, HP-UX
Posts: 161

Rep: Reputation: 32
I want to push my ssh public key to 350 servers. For that I need to create a directory in my $HOME/.ssh2 and scp my keys from the central login server to these servers through the script.

Can expect be used to create that remote directory and scp files to the servers also ?

Please advise.
 
Old 12-20-2008, 06:52 AM   #5
ooh456
LQ Newbie
 
Registered: Oct 2005
Location: Stockholm
Posts: 1

Rep: Reputation: 0
Thank you

As we say in Sweden... Tusen Tack!

Last edited by ooh456; 12-20-2008 at 07:12 AM.
 
Old 03-25-2010, 10:44 AM   #6
lyn.evans
LQ Newbie
 
Registered: Mar 2010
Posts: 1

Rep: Reputation: 0
Smile File permissions for authorized_keys

Don't forget -

authorized_keys must possess proper Unix permissions!

chmod 600 ~/.ssh/authorized_keys

If the authorized_keys or authorized_keys2 file has the incorrect permissions it will not authenticate with your ssh-rsa key but instead still require a password. If you are having trouble configuring SSH keys you should check the /var/log/secure file to see if there is an error displaying in that log. You may see the error displayed below.

Error: Authentication refused: bad ownership or modes for file .ssh/authorized_keys

If you see this error it means that the authorized_keys or authorized_keys2 file has the incorrect ownership or permissions. Make sure that the authorized_keys file is owned by the user that will be logged into and the permissions are 600. So if the username is backup you would want the file to look like the below when issuing the “ls -alh” command.

view source
print?
1 -rw------- 1 backup backup 409 Mar 23 19:56 authorized_keys
 
Old 03-25-2011, 11:08 AM   #7
sicinthemind
LQ Newbie
 
Registered: Nov 2010
Location: Zephyrhills, FL
Distribution: Fed - 9/13/14, RHEL 5.3/4 & 6, Server 2008 R2 - Win7.
Posts: 4

Rep: Reputation: 0
Exclamation

Quote:
Originally Posted by avijitp View Post
I want to push my ssh public key to 350 servers. For that I need to create a directory in my $HOME/.ssh2 and scp my keys from the central login server to these servers through the script.

Can expect be used to create that remote directory and scp files to the servers also ?

Please advise.

Hey all, this is late but I just had to get this in there for future readers...

This is a basic RHCT level command...
Code:
ssh-copy-id -i ~/.ssh/id_rsa.pub {server{1,2,3,4,5,6,7,8,...},desktops{1,2,3,4,5,6,7,8,...}}
ssh-copy-id is packaged with openssh.
 
  


Reply

Tags
automatic, cron, ssh


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
need help with no password ssh and ssh-agent hedpe Linux - Networking 3 02-08-2007 08:49 PM
can't do password less ssh nedian123 Linux - Networking 2 06-26-2004 03:33 PM
ssh password ssudhi Linux - Newbie 6 05-13-2004 09:30 PM
SSH without password Kocil Linux - Networking 6 12-16-2003 02:59 PM
password less SSH maaand Linux - Networking 0 04-23-2002 08:13 PM


All times are GMT -5. The time now is 02:09 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration