SSH Connection

Stephen Carville stephen at totalflood.com
Thu Jun 2 17:38:34 UTC 2005


McDougall, Marshall (FSH) wrote:
> You need to create keys.  It's been a while, but it's spelled out fairly well
> in the man pages for ssh-keygen.  One gotcha I remember is that the perms on
> the .ssh directory need to be very tight (600 maybe). 

700.

1. Create a key on A as oracle.  Call it rsa_script_key and use an empty 
passphrase.

2. Copy the contents of rsa_script_key.pub to the file 
<ias-home>/.ssh/authorized_keys on B.

3. Invoke ssh from A as oracle:
$ ssh -i ~/.ssh/rsa_script_key ias@B -t /u01/ias/scripts/test_script.sh

.ssh directories on both ends must have permission of 700 or better or 
ssh will fail.  You might need to play with StrictModes in sshd_config. 
I think with 3.0 and above if your home directory is 755 or better 
StrictModes won't complain but this threshold has changed over the years.

When all else fails, check in /var/log/messages for hints.

> Regards, Marshall
> 
> -----Original Message-----
> From: Kelley.Coleman at med.va.gov [mailto:Kelley.Coleman at med.va.gov] 
> Sent: Thursday, June 02, 2005 9:53 AM
> To: redhat-list at redhat.com
> Subject: SSH Connection
> 
> 
> I would like to run a script on box A that connects to box B, executes a
> script there, then returns to complete the original script.  The user
> accounts are different on each box.  Box A user is 'oracle', box B user is
> 'ias'.
> 
> I tried:
> 
> ssh servername -l ias /u01/ias/scripts/test_script.sh
> 
> but I'm prompted for a password.
> 
> I tried putting the password into the script where it seems to want it, but
> again, I'm prompted for a password and it processes the password in the
> script as a command.
> 
> Do I need to do something in the ssh_config?  known_hosts? authorized_keys?
> 
> I'm not thrilled with the thought of having the password in a script file.
> So if there's a better way, I'm all for hearing it!
> 
> Thanks in advance...
> 
> Kelley Coleman
> Database Administrator
> VA Health Administration Center
> Denver, Colorado
> 303-331-7521-o
> 888-732-8802-p
> 720-319-0454-c


-- 
Stephen Carville <stephen at totalflood.com>
Unix and Network Admin
Nationwide Totalflood
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602
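
Added example, not part of the original post: a shell sketch of step 2 plus the permission rules discussed above, run against a scratch directory standing in for the ias home on B. The function names install_key and audit_perms and the sample key are constructed for illustration, GNU stat is assumed, and pinning the passphrase-less key to one command with authorized_keys options is an addition beyond what the post describes.

```shell
#!/bin/sh
# Added example. Function names, scratch paths and the key are constructed.
# Assumes GNU stat (stat -c %a).

# install_key HOME PUBKEY_LINE FORCED_COMMAND
# Appends the public key to HOME/.ssh/authorized_keys, restricted so the
# passphrase-less key can only run FORCED_COMMAND (no forwarding).
install_key() {
    home=$1; pub=$2; cmd=$3
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    printf 'command="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s\n' \
        "$cmd" "$pub" >> "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
}

# audit_perms HOME
# StrictModes rejects a home directory, .ssh directory or authorized_keys
# file that group or others can write (mask 022). The post's 700 rule for
# .ssh is stricter (mask 077) and is applied to that directory.
# Prints each finding and returns the number of findings.
audit_perms() {
    home=$1; bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        case $p in
            */.ssh) mask=77 ;;
            *)      mask=22 ;;
        esac
        if [ ! -e "$p" ]; then
            echo "missing: $p"; bad=$((bad + 1)); continue
        fi
        mode=$(stat -c %a "$p")
        # Leading 0 makes the shell read both numbers as octal.
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            echo "too permissive ($mode): $p"; bad=$((bad + 1))
        fi
    done
    return $bad
}

# Demo on a scratch directory (stands in for the ias home on B).
demo=$(mktemp -d)
install_key "$demo" "ssh-rsa AAAA_CONSTRUCTED_SAMPLE_KEY oracle@A" \
    "/u01/ias/scripts/test_script.sh"
audit_perms "$demo" && echo "permissions OK"
rm -rf "$demo"
```

With the command= option in place, sshd runs the pinned script no matter what command the client passes, so a copied key file cannot be used for an interactive login.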



