[K12OSN] remote home directories/CRON?SSH
Les Mikesell
les at futuresource.com
Fri Sep 9 05:11:01 UTC 2005
On Thu, 2005-09-08 at 21:51, Sudev Barar wrote:
> >
> > From the machine initiating connection (one that is running cron) as root:
> > $ssh-keygen -t dsa
> > (see man for details but fairly simple, I choose dsa)
> >
> > $scp .ssh/id_dsa.pub TARGET:/root/.ssh/.
> >
> > Next time you ssh in to TARGET this should not ask you for password.
> > Now you can put everyting into cron.
> > If needed you should have logged into TARGET and made directory .ssh
> > before hand in /root Same can be done for "user" if only user CRON is
> > to be run effecting user directories.
>
> SORRY, made a goof up.
> First log into TARGET machine. Generate key pair there and scp this to
> INITIATOR machine (from where cron is to run). ALWAYS generate key
> pair in target machine and put the public part of the key on the
> initiator.
You had it almost right the first time. The key pairs are
generated on the initiating machine but you copy the
public key to /root/.ssh/authorized_keys2 on the target
machine (actually you append to this file but if there
is only one key it won't matter). If you want it to
run under cron you need to use an empty passphrase
when you create the keys.
Conceptually, what happens is that the ssh program
(connecting client) must have read access to the
private key, and the target sshd uses the public
key to make it prove that before accepting who
it says it is. Ssh is very picky about permissions
on the .ssh directory and above - for good reasons.
If you have trouble with a passwordless connection
you might find the reason by using ssh -v or
by looking at /var/log/secure on the server side.
--
Les Mikesell
les at futuresource.com
More information about the K12OSN
mailing list