[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSH Connection



McDougall, Marshall (FSH) wrote:
You need to create keys.  It's been awhile, but it's spelled out fairly well
in the man pages for ssh-keygen.  One gotcha I remember is that the perms on
the .ssh directory need to be very tight (600 maybe).

700.

1. Create a key on A as oracle. Call it rsa_script_key and use an empty passphrase.

2. copy the contents of rsa_script_key.pub to the file <ias-home>/.ssh/authorized_keys on B.

3. Invoke ssh from A as oracle:
$ ssh -i ~/.ssh/rsa_script_key ias B -t /u01/ias/scripts/test_script.sh

.ssh directories on both ends must have permission of 700 or better or ssh will fail. You might need to play with StrictModes in sshd_config. I think with 3.0 ans above if your home directory is 755 or better StrictModes won't complain but this threshold has changed over the years.

When all else fails, check in /var/log/messages for hints.

Regards, Marshall

-----Original Message-----
From: Kelley Coleman med va gov [mailto:Kelley Coleman med va gov] Sent: Thursday, June 02, 2005 9:53 AM
To: redhat-list redhat com
Subject: SSH Connection


I would like to run a script on box A that connects to box B, executes a
script there, then returns to complete the original script.  The user
accounts are different on each box.  Box A user is 'oracle', box B user is
'ias'.

I tried:

ssh servername -l ias /u01/ias/scripts/test_script.sh

but I'm prompted for a password.

I tried putting the password into the script where it seems to want it, but
again, I'm prompted for a password and it processes the password in the
script as a command.

Do I need to do something in the ssh_config?  known_hosts? authorized_keys?

I'm not thrilled with the thought of having the password in a script file.
So if there's a better way, I'm all for hearing it!

Thanks in advance...

Kelley Coleman
Database Administrator
VA Health Administration Center
Denver, Colorado
303-331-7521-o
888-732-8802-p
720-319-0454-c

Confidentiality Note:  This e-mail is intended only for the person or entity
to which it is addressed, and may contain information that is privileged,
confidential, or otherwise protected from disclosure.  Dissemination,
distribution, or copying of this e-mail or the information herein by anyone
other than the intended recipient is prohibited.  If you have received this
e-mail in error, please notify the sender by reply e-mail, phone, or fax,
and destroy the original message and all copies. Thank you



--
Stephen Carville <stephen totalflood com>
Unix and Network Admin
Nationwide Totalflood
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]