HPE Community
Operating System - HP-UX
1758039 Members
2386 Online
108867 Solutions
New Discussion юеВ

Re: SSH as a replacement for REMSH

 
SOLVED
Go to solution
Berd
Trusted Contributor

тАО11-13-2006 10:15 PM

тАО11-13-2006 10:15 PM

SSH as a replacement for REMSH

I am trying to configure SSH with a view to closing down 'r' services and amending allscripts which use remsh to use ssh instead. I have generated keys on Server A as root, and copied this to Server B and appended it to /.ssh/authorized_keys. So far so good. I can now enter commands from Server A like, ssh ServerB uname -a, and get an appropriate response.

Now the scripts I am looking to amend use commands like, remsh DBHOST -l orauser -n "/oracle/shutdownscript". If I attempt to replace this with ssh orauser@DBHOST /oracle/shutdownscript I get an error message relating to a authorisation failure, Permission denied (publickey,keyboard-interactive).

Is what I am attempting to do a valid use of SSH, or is it beyond it's capapbility. I guess I could create the orauser on both machines and create a public key, but I would like to avoid having to do this. It will be quiet an over head as I will have to do the same for every client machine to the backup server.

Any comments, assistance greatfully received.

Berd
0 Kudos
6 REPLIES 6
Yogeeraj_1
Honored Contributor

тАО11-13-2006 10:50 PM

тАО11-13-2006 10:50 PM

Re: SSH as a replacement for REMSH

hi Berd,

first of all, check if you get the shell prompt when you run:
ssh orauser@DBHOST

kind regards
yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Berd
Trusted Contributor

тАО11-13-2006 11:11 PM

тАО11-13-2006 11:11 PM

Re: SSH as a replacement for REMSH

Hi Yogeeraj,

I don't get a shell promt, I get the same error message.

Regards,
Berd
0 Kudos
Steven E. Protter
Exalted Contributor

тАО11-13-2006 11:48 PM

тАО11-13-2006 11:48 PM

Solution

Re: SSH as a replacement for REMSH

Shalom,

ssh is a valid replacement for remesh, I've done it.

The problem here is probably directory or file permissions on the .ssh directory.

See http://www.hpuxconsulting.com/5003.ppt or http://www.hpuxconsulting.com/5004.ppt

One of them is unrelated but I can't remember which.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Berd
Trusted Contributor

тАО11-14-2006 02:01 AM

тАО11-14-2006 02:01 AM

Re: SSH as a replacement for REMSH

Hi Steve,

You're right. This looks like a permissions issue on the users home directory. Permissions are set to 775 as oppose to the required 755.

I'm looking to test the change of permissions on 2 test boxes, but now I am having an issue setting up ssh between these. I'm now getting 'Host key verification failed', although I have copied the current public key across and all permissions are ok ?

Regards,
Herdip
0 Kudos
Doug O'Leary
Honored Contributor

тАО11-14-2006 03:46 AM

тАО11-14-2006 03:46 AM

Re: SSH as a replacement for REMSH

Hey;

Actually, this is not an issue with the permissions on the home directory (at least not yet) and, to answer your first question, this is a perfect example of what ssh can do.

You updated root's authorized keys file on serverB, but you're trying to login as orauser on serverb.

If you want to ssh, as root, from Server A to orauser@ServerB, you will need to copy the public key to ~orauser@serverB:.ssh/authorized_keys

Note that, similarly to cron, ssh remote commands have a limited environment configured - not as limited as cron, but still not what you'd expect. You'll need to ensure that the /oracle/shutdownscript has all the environment variables defined that it needs to access the database.

HTH;

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
0 Kudos
Berd
Trusted Contributor

тАО11-20-2006 01:57 AM

тАО11-20-2006 01:57 AM

Re: SSH as a replacement for REMSH

Thanks for the input.

I found this to be caused by 2 issues. Firstly, as mentioned the permissions on the home directory of the remote host were 775, as oppose to 755. Even having corrected this I was still get 'Host Verification Failed' messages. I then amended the StrictHostKeyChecking variable in /etc/opt/ssh/ssh_config. Disabling it, and then re-enabling after a first successful connection was mad. This seems to have resolved the problem.

Regards,
Berd
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.