script that use a sudo password

scasey · 10-20-2018, 05:49 PM

Quote:

Originally Posted by drudox

and one other thing ... I create a shell script just to verify the behaviour of the script :
the connection is done .. but not the follows command

That script makes the connection to the remote server. The ls command won't run until that connection ends...so won't run remotely.

Also, you've missed the final step in Turbocapitalist's instructions:

Quote:

Then if that works, the details can be put into ~/.ssh/config

Another question: Is the user on your local machine the same as the user on the remote machine? That is, are they both marco? If so, once the keys are established and configured, you should be able to just enter

Code:

ssh lab

If they aren't the same user, then the best is what you're doing

Code:

ssh marco@lab

As has been said, you need to read and understand all the documentation.

drudox · 10-20-2018, 06:30 PM

Quote:

Then if that works, the details can be put into ~/.ssh/config

sorry but until the last step everything works ... but I don't understand what I shoud do in ~/.ssh/config

scasey · 10-20-2018, 06:54 PM

Quote:

Originally Posted by drudox

sorry but until the last step everything works ... but I don't understand what I shoud do in ~/.ssh/config

see man ssh_config

Turbocapitalist · 10-21-2018, 12:59 AM

Quote:

Originally Posted by drudox

I try to ssh the marco@xxx.xxx but the machine still ask me the password!
and in the .ssh folder there is just this file :

The SSH client configuration file would be ~/.ssh/config on your desktop or whichever machine you are connecting from

Code:

cd ~/.ssh/
ls config

First, skim through the manual page for the SSH client's configuration file.

Code:

man ssh_config

Read the description section. Pay special attention to the beginning and in particular to the later paragraphs on Host, HostName, User, IdentityFile, IdentitiesOnly, ServerAliveInterval, and ServerAliveCountMax. Then when you have an overview of those particular items, add the following to the top of configuration file. (where xxx.yyy.zz.aa is the IP address or host name for your lab machine)

Code:

Host lab xxx.yyy.zz.aa
        User marco
        HostName xxx.yyy.zz.aa
        IdentityFile ~/.ssh/lab.ed25519.key
        IdentitiesOnly yes
        ServerAliveInterval 30
        ServerAliveCountMax 4

That will allow you to just type either "ssh lab" or "ssh xxx.yyy.zz.aa" and connect. The SSH client will read the configuration file and fill in the pieces.

Code:

ssh lab 'ls; uname -a; lsb_release -rd; whoami;'

Setting up the configuration file for the second machine will be similar, but with the addition of the ProxyCommand configuration directive as show above in post #8.

This kind of configuration process is why there used to be IT departments and professional system administrators but those days are gone, at least for a while. Sadly the money is not freed up just used by M$ and Cisco resellers instead.

drudox · 10-21-2018, 11:15 AM

sorry maybe I'm little bit losrt ... but in tha man sayd that the file .ssh/config sould be automatric created

Please help me :"(

Turbocapitalist · 10-21-2018, 11:19 AM

You can edit the file in your favorite editor. Any of geany, leafpad, mousepad, gedit, scite, or kate work, if they are on your system. Or even nano:

Code:

nano ~/.ssh/config

drudox · 10-21-2018, 11:24 AM

you mean created it from scratch ??
can yhou help me aboiut ? I'm going crazy ...
from what I've understood th file

Code:

.ssh/config

should be something similar to

Quote:

Host lab xxx.yyy.zz.aa
User marco
HostName xxx.yyy.zz.aa
IdentityFile ~/.ssh/lab.ed25519.key
IdentitiesOnly yes
ServerAliveInterval 30
ServerAliveCountMax 4

this is for the host right ? in my case for the lab machine ???

Turbocapitalist · 10-21-2018, 11:36 AM

Yes, though it helps to keep the indentation. It will be easier to read once you start adding the nodes. Give it a try and see if you can do "ssh lab" now.

drudox · 10-21-2018, 11:43 AM

ok now this is my .ssh/office (for the lab machine)

Code:

Host lab 130.159.43.40
        User marco
        HostName 130.159.43.40
        IdentityFile ~/.ssh/office.ed25519.key
        IdentitiesOnly yes
        ServerAliveInterval 30
        ServerAliveCountMax 4
------------------------------------------------------------

I've change in the auth file from lab to office ...
I've tried to give:

Code:

ssh lab
Enter passphrase for key '/home/marco/.ssh/office.ed25519.key': 
marco@130.159.43.40's password:

why ??

Turbocapitalist · 10-21-2018, 11:46 AM

Does "IdentityFile ~/.ssh/office.ed25519.key" point to the right key?

Also, will your script run completely unattended?

drudox · 10-21-2018, 11:54 AM

yes :

this is from the host :

Code:

~ » la .ssh                                                                                                                                                                                           marco@i7-Arch
totale 20K
-rw-r--r-- 1 marco users 351 21 ott 00.03 known_hosts
-rw------- 1 marco users 411 20 ott 23.53 office.ed25519.key
-rw-r--r-- 1 marco users  98 20 ott 23.53 office.ed25519.key.pub
-rw------- 1 marco users 411 20 ott 23.59 poseidonia.ed25519.key
-rw-r--r-- 1 marco users 102 20 ott 23.59 poseidonia.ed25519.key.pub

and this from the server :

Code:

~ » la .ssh 
-rw------- 1 marco marco 294 Oct 20 23:53 authorized_keys
-rw-r--r-- 1 marco marco 208 Oct 21 17:37 config
-rw-r--r-- 1 marco marco 175 Oct 20 23:37 known_hosts
-rw------- 1 marco marco 464 Oct 20 23:37 office.ed25519.key
-rw-r--r-- 1 marco marco  98 Oct 20 23:37 office.ed25519.key.pub

I'm sure that the keys are correct because I create a simple scrip :

Code:

#!/bin/bash

ssh -i ~/.ssh/office.ed25519.key marco@130.159.43.40

------------------------------------------------------------

who create the connection .. without any password

Turbocapitalist · 10-21-2018, 12:01 PM

Quote:

who create the connection .. without any password

Excellent. That's big progress.

Please check that the configuration on the machine you are connecting from is ok:

Code:

ssh -G lab

drudox · 10-21-2018, 12:03 PM

Code:

~ » ssh -G lab                                                                         marco@i7-Arch
user marco
hostname lab
port 22
addkeystoagent false
addressfamily any
batchmode no
canonicalizefallbacklocal yes
canonicalizehostname false
challengeresponseauthentication yes
checkhostip yes
compression no
controlmaster false
enablesshkeysign no
clearallforwardings no
exitonforwardfailure no
fingerprinthash SHA256
forwardagent no
forwardx11 no
forwardx11trusted no
gatewayports no
gssapiauthentication no
gssapidelegatecredentials no
hashknownhosts no
hostbasedauthentication no
identitiesonly no
kbdinteractiveauthentication yes
nohostauthenticationforlocalhost no
passwordauthentication yes
permitlocalcommand no
proxyusefdpass no
pubkeyauthentication yes
requesttty auto
streamlocalbindunlink no
stricthostkeychecking ask
tcpkeepalive yes
tunnel false
verifyhostkeydns false
visualhostkey no
updatehostkeys false
canonicalizemaxdots 1
connectionattempts 1
forwardx11timeout 1200
numberofpasswordprompts 3
serveralivecountmax 3
serveraliveinterval 0
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
hostkeyalgorithms ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
hostbasedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
kexalgorithms curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
loglevel INFO
macs umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519,rsa-sha2-512,rsa-sha2-256,ssh-rsa
xauthlocation /usr/bin/xauth
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_dsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ed25519
identityfile ~/.ssh/id_xmss
canonicaldomains
globalknownhostsfile /etc/ssh/ssh_known_hosts /etc/ssh/ssh_known_hosts2
userknownhostsfile ~/.ssh/known_hosts ~/.ssh/known_hosts2
connecttimeout none
tunneldevice any:any
controlpersist no
escapechar ~
ipqos af21 cs1
rekeylimit 0 0
streamlocalbindmask 0177
syslogfacility USER
------------------------------------------------------------

thankj you so much for your precious support

Turbocapitalist · 10-21-2018, 12:09 PM

Ok. It looks like there is no SSH client configuration file on the machine you are connecting from. You can edit ~/.ssh/config on that machine and add the items show earlier. Then give it a try:

Code:

ssh -G lab
ssh lab

drudox · 10-21-2018, 12:13 PM

ok .. but my machine have no a static IP addr ! soi which

Code:

HostName

I have to give there ?

and also in the firstline :

Code:

Host lab 130.159.43.40

which name and ip I've to put in the .ssh/config