[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSH Connection



Kelley Coleman med va gov wrote:
I would like to run a script on box A that connects to box B, executes a
script there, then returns to complete the original script.  The user
accounts are different on each box.  Box A user is 'oracle', box B user is
'ias'.

I tried:

ssh servername -l ias /u01/ias/scripts/test_script.sh

but I'm prompted for a password.

I tried putting the password into the script where it seems to want it, but
again, I'm prompted for a password and it processes the password in the
script as a command.

Do I need to do something in the ssh_config?  known_hosts? authorized_keys?

I'm not thrilled with the thought of having the password in a script file.
So if there's a better way, I'm all for hearing it!

Thanks in advance...

Kelley Coleman
Database Administrator
VA Health Administration Center
Denver, Colorado
303-331-7521-o
888-732-8802-p
720-319-0454-c


I have several servers that I use as hot backups of our production servers. This is what I do to automate the backups in as secure way as possible. You should be able to modify this to suit your needs.

Step 1:

Server A is the production server. Server B is the data backup. As root on server B, generate a key, and give it a unique name, and don't enter a passphrase (just hit enter):

# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /root/.ssh/id_rsa_A_backup
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa_A_backup.
Your public key has been saved in /root/.ssh/id_rsa_A_backup.pub.
The key fingerprint is:
ee:19:aa:f5:ac:62:dc:18:7d:cd:dd:9e:66:62:0d:98 root B com
#

Step 2:

Go to /root/.ssh, and ftp to A.com. Then cd to /root/.ssh/ (on A.com) and put the id_rsa_A_backup.pub file into that directory. Exit ftp.

Step 3:

Telnet into A.com, and cd to /root/.ssh/. If there is a file there called authorized_keys2, then:

Step 4:

# cat id_rsa_A_backup.pub >> authorized_keys2
#

If authorized_keys2 doesn't exist, then:

# mv id_rsa_A_backup.pub authorized_keys2
#

Step 5:

If you are doing a backup on B.com using rsync like this:

# rsync -avrz -e 'ssh -i /root/.ssh/id_rsa_A_backup' A.com:/home/ /home/A/home/

then you need to add a line to authorized_keys2 like this:

command="rsync --server -avrz . /home/"

You MUST add this line immediately before the key you added to the end of this file. This line ties the key to the command you are going to run on B.com, so that if the key is stolen, the thief can only use it to run this command. They *shouldn't* be able to get general root access to your system.

Once you do this, you can run your command on B.com and see if it works. If it does, you can put it in a cron script to run automatically (on B.com).

HTH




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]