ssh with password
 

Hi,

I want to make a crontab that connects via ssh to a host with login and password that I desire, could you please help ?

Thank you in advance,
Adnan

This should help. It is best to setup passphrases and then add to ssh-agent. Once setup then you login with username and passphrase is automatically sent from the ssh-agent tool.

Brian

Adnan,

There are two ways to do what you want. One involves a stored password, and one does not. Both are non-interactive, meaning that they can work when you're not there to enter a password.

First Method
The way that does not require a password. You can use public/private key authentication instead of passwords with SSH. I'm going to assume that you're using OpenSSH, which comes with practically every Linux distribution that there is.

1. Configure your SSH server to accept private key logins. In /etc/ssh/sshd_config make sure that there's a line that says PubkeyAuthentication yes (and that there is no # infront of it). If you change this file, you need to restart the sshd service. If you're not sure, stop and ask somebody here before you break it.
2. On your local machine (not the server), create yourself a pair of keys with ssh-keygen -t rsa (you can use other options than rsa, but I'm keeping it simple). Do not specify a password. Save the keys in the locations prompted.
3. Open the contents of the id_rsa.pub file that you just created (it's one very long line of text), and copy the contents into the end of the file $HOME/.ssh/authorized_keys on the server machine. Create the file if it doesn't exist.

Now you should be able to ssh user@remote.host without a password. If that works, you can use it in scripts, etc. Because you have a private key with no password to protect it, it's important that you make sure that nobody gets their grubby hands on your id_rsa file. They can have the id_rsa.pub file (it's public, you see) but the other one's your precious.

If you think somebody has a copy of your id_rsa file, you can delete the line that you added to authorized_keys on the server, to disable that key.

FURTHER READING (Daniel Robbins at ibm.com)

Second method
If you thought that was complicated, you wait till you've tried to get this one working. The basic idea is to use expect, which is an administration automation tool, to type your password in to ssh when prompted. It might not always work, and when it doesn't, it's hard to figure out why not. I recommend the first method.

Anyway, here's a command that you can poke at until it does what you want:
Expect might not be installed on your system. That's the first hurdle, although most distributions have it easily available. You need to modify user@remote.host to your remote username and hostname. You need ot make sure that ssh prompts for a password using the letters "assword"; if not, that needs changing to something that does appear. You need to change "passphrase" to whatever the password is.

Problem here is doing the scripting. You can either have expect type in further commands, or you can list them as a parameter to ssh in that spawn command (just before the semicolon ; ). It might never work properly for you; again, I recommend the first method.

FURTHER READING (various at nist.gov)

If you have any trouble, always ask. Losing the ssh server on a computer that's far away due to a typo is really, really annoying. Do back up any files you modify, preferably before you modify them.

I want to push my ssh public key to 350 servers. For that I need to create a directory in my $HOME/.ssh2 and scp my keys from the central login server to these servers through the script.

Can expect be used to create that remote directory and scp files to the servers also ?

Please advise.

Thank you
 

As we say in Sweden... Tusen Tack!

File permissions for authorized_keys
 

Don't forget -

authorized_keys must possess proper Unix permissions!

chmod 600 ~/.ssh/authorized_keys

If the authorized_keys or authorized_keys2 file has the incorrect permissions it will not authenticate with your ssh-rsa key but instead still require a password. If you are having trouble configuring SSH keys you should check the /var/log/secure file to see if there is an error displaying in that log. You may see the error displayed below.

Error: Authentication refused: bad ownership or modes for file .ssh/authorized_keys

If you see this error it means that the authorized_keys or authorized_keys2 file has the incorrect ownership or permissions. Make sure that the authorized_keys file is owned by the user that will be logged into and the permissions are 600. So if the username is backup you would want the file to look like the below when issuing the “ls -alh” command.

view source
print?
1 -rw------- 1 backup backup 409 Mar 23 19:56 authorized_keys

Hey all, this is late but I just had to get this in there for future readers...

This is a basic RHCT level command...
ssh-copy-id is packaged with openssh.