- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- providing password in script
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-28-2008 09:28 PM
тАО11-28-2008 09:28 PM
providing password in script
I need to ssh and scp to multiple servers.
How can I do this using a script.Password should be provided in the script, so that ssh/scp should not ask passwd for each server.
( Some way other than exchanging ssh key )
Thanks
sen
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-28-2008 10:07 PM
тАО11-28-2008 10:07 PM
Re: providing password in script
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-29-2008 12:00 AM
тАО11-29-2008 12:00 AM
Re: providing password in script
Can you please explain why you don't want to use the standard SSH free password approach ?
Best
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-29-2008 05:41 AM
тАО11-29-2008 05:41 AM
Re: providing password in script
You can and should avoid passwords in scripts if you are automating Secure Shell functions like 'scp', 'sftp', etc.
Setup and use public keys among your servers.
These two links should provide you the information you need to easily do this:
http://sial.org/howto/openssh/publickey-auth/
http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1254688&admit=109447626+1227965745456+28353475
The 'known_hosts' file contains the public host keys for all known hosts. The per-user version is maintained automatically. Thus, whenever you connect from an unknown host, its key is added to the per-user file if you choose to acknowledge the fingerprint. If you don't, the connection can still be made, but you will be prompted the next time as if you had never connected.
The manpages for 'sshd' and 'ssh' offer more information.
Regards!
...JRF...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-29-2008 07:46 AM
тАО11-29-2008 07:46 AM
Re: providing password in script
As far as I know, the only workable alternative would be to use "expect" to script the connection.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-29-2008 03:48 PM
тАО11-29-2008 03:48 PM
Re: providing password in script
ssh and scp are encrypted communications protocols, commonly used to enhance security. By trying to put a password into a script, you have placed a security vulnerability into your environment, thus making ssh/scp much less secure. Setting up a public key is a commonly accepted method to run remote commands and copy files in a secure manner. Like any networking solution, the local user as well as the remote user should be evaluated as to allowed permissions. root-to-root should be evaluated. user-to-user makes more sense and for ssh commands, running sudo at the remote site is preferred over root access.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-26-2009 06:58 AM
тАО01-26-2009 06:58 AM
Re: providing password in script
JRF has the answer,
You can use SCP or SFTP in batch mode but you need to define trusts between the two boxes in question.
Follow the links in his posts to define the key exchange, and then within your script you can use the
scp -B sourceuser@
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-26-2009 07:24 AM
тАО01-26-2009 07:24 AM
Re: providing password in script
If you want to do this, you will need to use a tool like expect:
http://expect.nist.gov/
(Google ssh/scp expect for some sample scripts)
You can also check out the Perl Net::SSH module:
http://search.cpan.org/dist/Net-SSH-Perl/lib/Net/SSH/Perl.pm
There are also modules for Python and TCL that do this. Check around on google for samples.
key-based authentication is the way to go though. It doesn't require any add-on tools and is secure.
- Tags:
- expect
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО01-26-2009 09:32 PM
тАО01-26-2009 09:32 PM
Re: providing password in script
To avoid problems with the private key requiring a pass-phrase, one should generate a second private/public pair without a pass-phrase, and at the remote end, you restrict that public key to doing the specific command(s) that you wish.
In a similar vein to the others, I suggest you read, read, read (or man, man, man), but hopefully I've suggested an approach and that you'll know what to look for when reading.
Anyone wanna suggest how to restrict a public key to scp only AND restrict it to a particular directory tree (so someone can't pick it up and mess around with the .profile, or to grab sensitive information)?
Nick.