SSH Connection
Stephen Carville
stephen at totalflood.com
Thu Jun 2 17:38:34 UTC 2005
McDougall, Marshall (FSH) wrote:
> You need to create keys. It's been awhile, but it's spelled out fairly well
> in the man pages for ssh-keygen. One gotcha I remember is that the perms on
> the .ssh directory need to be very tight (600 maybe).
700.
1. Create a key on A as oracle. Call it rsa_script_key and use an empty
passphrase.
2. Copy the contents of rsa_script_key.pub to the file
<ias-home>/.ssh/authorized_keys on B.
3. Invoke ssh from A as oracle:

$ ssh -i ~/.ssh/rsa_script_key ias@B -t /u01/ias/scripts/test_script.sh

.ssh directories on both ends must have permission of 700 or better or
ssh will fail. You might need to play with StrictModes in sshd_config.
I think with 3.0 and above, if your home directory is 755 or better,
StrictModes won't complain, but this threshold has changed over the years.

When all else fails, check in /var/log/messages for hints.
> Regards, Marshall
>
> -----Original Message-----
> From: Kelley.Coleman at med.va.gov [mailto:Kelley.Coleman at med.va.gov]
> Sent: Thursday, June 02, 2005 9:53 AM
> To: redhat-list at redhat.com
> Subject: SSH Connection
>
>
> I would like to run a script on box A that connects to box B, executes a
> script there, then returns to complete the original script. The user
> accounts are different on each box. Box A user is 'oracle', box B user is
> 'ias'.
>
> I tried:
>
> ssh servername -l ias /u01/ias/scripts/test_script.sh
>
> but I'm prompted for a password.
>
> I tried putting the password into the script where it seems to want it, but
> again, I'm prompted for a password and it processes the password in the
> script as a command.
>
> Do I need to do something in the ssh_config? known_hosts? authorized_keys?
>
> I'm not thrilled with the thought of having the password in a script file.
> So if there's a better way, I'm all for hearing it!
>
> Thanks in advance...
>
> Kelley Coleman
> Database Administrator
> VA Health Administration Center
> Denver, Colorado
> 303-331-7521-o
> 888-732-8802-p
> 720-319-0454-c
>
--
Stephen Carville <stephen at totalflood.com>
Unix and Network Admin
Nationwide Totalflood
6033 W. Century Blvd
Los Angeles, CA 90045
310-342-3602
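
The permission requirements discussed in this reply can be checked before the script is put into service. The following is an added example, not part of the original post: the function names `has_bits` and `check_ssh_perms` are hypothetical, and it assumes GNU `stat` (Linux). It flags the conditions sshd's StrictModes rejects (home directory, `.ssh` or `authorized_keys` writable by group or others), a `.ssh` directory looser than 700, and a private key readable by anyone but its owner.

```shell
#!/bin/sh
# Added example (not from the original thread): audit the file modes that
# sshd's StrictModes and the ssh client check before using key files.
# Assumes GNU stat. Usage: check_ssh_perms /home/oracle ~/.ssh/rsa_script_key

# Succeeds (returns 0) if the path has any permission bit set in the octal mask.
has_bits() {
    # $1 = path, $2 = octal mask of bits that should be clear
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0$2 )) -ne 0 ]
}

# $1 = home directory to audit, $2 = optional private key file.
# Prints one FAIL line per finding; returns 0 only if nothing was found.
check_ssh_perms() {
    home=$1; key=${2:-}; rc=0

    # StrictModes: none of these may be writable by group or others.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_bits "$p" 022; then
            echo "FAIL $p is group/world writable (mode $(stat -c '%a' "$p"))"
            rc=1
        fi
    done

    # The reply's recommendation: .ssh is 700, no access for group/others.
    if [ -d "$home/.ssh" ] && has_bits "$home/.ssh" 077; then
        echo "FAIL $home/.ssh should be mode 700"
        rc=1
    fi

    # The ssh client ignores a private key that group/others can access,
    # which matters more here because the key has an empty passphrase.
    if [ -n "$key" ] && [ -e "$key" ] && has_bits "$key" 077; then
        echo "FAIL $key should be mode 600"
        rc=1
    fi

    return $rc
}
```

Run it as the account owner on both A and B; a non-zero exit status means at least one path needs `chmod` before key authentication will work reliably.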