SSH in BatchMode

Manuel Arostegui Ramirez manuel at todo-linux.com
Tue May 23 10:38:26 UTC 2006 

El Martes 23 Mayo 2006 12:34, Vikas Rawat escribió:
> Thanks guys for the overwhelming response. Finally I got it working. For
> the interested people, the issue was with the ownership of the home
> directory for the root account. See below
>
> - EARLIER was
> drwx------   9 vikas.rawat   coe            4096 May 23 14:59 coe
>
> - MODIFIED to
> drwx------   9 root          coe            4096 May 23 15:00 coe
>
> This works.
>
> Regards,
> Vikas


That's very common slip-up

Finally you got it, congratulations :-)

Manuel.

>
> Here is a clearly defined process from one of my colleagues (Prashant
> Lal) for doing the same.
> ------------------------------------------------------------------------
> ----------------------
>
> Host machine: rhythm
> Remote machine: blrqmail
>
> 1. Generate key on host machine. This is for the user id 'lalp', change
> to the uid you want to create a key for
>
> [lalp at rhythm .ssh]$ ssh-keygen -d
> Generating public/private dsa key pair.
> Enter file in which to save the key (/home/lalp/.ssh/id_dsa):  "press
> ENTER here"
> Enter passphrase (empty for no passphrase):
> "press ENTER here"
> Enter same passphrase again:
> "press ENTER here"
> Your identification has been saved in /home/lalp/.ssh/id_dsa.
> Your public key has been saved in /home/lalp/.ssh/id_dsa.pub.
> The key fingerprint is:
> 2d:c3:13:b8:38:65:dc:f7:cd:a3:d5:80:4e:32:54:93 lalp at rhythm
>
> Now your keys are generated. We have not given any passphrase instead we
> have pressed the enter because to perform the automated scripted
> operations on the remote machine.
>
>
> 2. Copy the id_dsa.pub file as authorized_keys from the host machine to
> remote machine (into the home folder of the uid i.e.
> <blrqmail>/home/lalp in this case)
>
> [lalp at rhythm .ssh]$ scp /home/lalp/.ssh/id_dsa.pub
> lalp at blrqmail:/home/lalp/.ssh/authorized_keys
>
> CAUTION: This would overwrite your existing file. If you want to add to
> your file, copy to some other location and append to this. Try this on
> the host machine [lalp at rhythm .ssh]$ scp /home/lalp/.ssh/id_dsa.pub
> lalp at blrqmail:/home/lalp/.ssh/lalp.rhythm.id_dsa.pub
> On the remote machine
> [lalp at blrqmail .ssh]$ cat lalp.rhythm.id_dsa.pub >> authorized_keys
>
> Note: If you are logging into the remote machine for the first time
> using SSH, you will be asked to save the remote machine's certificate.
> Please accept and save it.
>
> 3. Now check the permision on the remote machine for .ssh and
> authorized_keys
>
> [lalp at blrqmail lalp]$ chmod -R 600 /home/lalp/.ssh [lalp at blrqmail .ssh]$
> ls -lrt total 8
> -rw-r--r--    1 lalp     lalp          601 May 23 14:29 authorized_keys
>
> [lalp at blrqmail .ssh]$ ls -la ../ |grep .ssh
> drwx------    2 lalp     lalp         4096 May 23 14:30 .ssh
> [lalp at blrqmail .ssh]$
>
> 4. Log in from the host machine to remote machine
>
> [lalp at rhythm .ssh]$ ssh blrqmail
> [lalp at blrqmail lalp]$
>
> You should be logged in straightaway with out any password.
>
>
> -----Original Message-----
> From: Stephen Berg [mailto:sberg at mississippi.com]
> Sent: Tuesday, May 23, 2006 3:56 PM
> To: General Red Hat Linux discussion list
> Subject: Re: SSH in BatchMode
>
> Vikas Rawat wrote:
> >>3. We have also changed the file/directory permission for ~/.ssh &
> >>~/.ssh/authorized_key to be read-write for user only by executing
> >>
> >>>chmod -R 600 .ssh
>
> Did you modify /etc/sshd_config to use the ~/.ssh/authorized_keys file?
>   Also notice that it should be "keys" not "key".  And by default
> sshd_config won't read that file to check for public keys.
> --
>                              Stephen Berg
> //-      Linux/UNIX SysAdmin -/- Fixer of that which is broke      -//
> //-                 Home = sberg at mississippi.com                   -//
> //-                 Work = stephen.berg at noaa.gov                   -//
> //-     http://iceberg.3c0x1.com/   -/-   http://www.3c0x1.com     -//
>                 Sinners can repent, but stupid is forever.
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

-- 
Manuel Arostegui Ramirez #Linux Registered User 295750
Socio de Hispalinux 1813
Red Hat Linux 9, Kernel 2.6.2 ReiserFS
Firma  cifrada
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE+3O1MqfmPcHTj+twRAm
yDAJ9P6ezepIMg06vOet/YPKxVoB+Z/ACfWVhh
---END PGP SIGNATURE-----

More information about the redhat-list mailing list