HPE Community
Operating System - HP-UX
1753448 Members
4719 Online
108794 Solutions
New Discussion юеВ

Re: ssh password

 
SOLVED
Go to solution
Dan Matlock_1
Regular Advisor

тАО08-02-2005 12:56 PM

тАО08-02-2005 12:56 PM

ssh password

Just took over some system where a ssh key was gen'd w/password. Users now want to run 'batch' type jobs without user prompts, so what is the HP preferred method??? On linux I know some use 'expect' to pass the args...
0 Kudos
Reply
5 REPLIES 5
Denver Osborn
Honored Contributor

тАО08-02-2005 01:57 PM

тАО08-02-2005 01:57 PM

Re: ssh password

I can't say that there's any preferred method, just use what you feel is secure and right for your environment. You can either use ssh-agent to cache the passphrase or remove the passphrase from the key.

Sorry, I don't have time to write up a mini how-to for ya, but be sure to check out the man pages for ssh-keygen and ssh-agent. Also try a search on the forums for "ssh-agent script"

hope this helps,
-denver
0 Kudos
Reply
generic_1
Respected Contributor

тАО08-02-2005 02:19 PM

тАО08-02-2005 02:19 PM

Solution

Re: ssh password

Setup a sshey with a null passphrase if you must do this. Its your most secure, free option. Your data will be encrypted between point a and b. There will be no passwords sent across the network. Expect has poor security and unexpected garbage can cause your expect script to fail.
Reply
Doug O'Leary
Honored Contributor

тАО08-04-2005 05:38 AM

тАО08-04-2005 05:38 AM

Re: ssh password

As an addendum to the alternate ssh key:

The trick is to set up an alternate ssh key pair that does not have a passphrase associated with it. If possible, on the target systems, you want to limit that public key so that it can only execute the given command.

To set up the new key pair, issue the following:

ssh-keygen -t dsa -P "" -f ~/.ssh/ego

Distribute the new public key as you normally would, then from the source system, execute:

ssh -i ~/.ssh/ego ${host} ${command}

Once you have this working from the command, simply put the full command line in the appropriate crontab.

HTH;

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Reply
Bob Ingersoll
Valued Contributor

тАО08-10-2005 02:39 AM

тАО08-10-2005 02:39 AM

Re: ssh password

Another way to disable passprase/password prompting is to create a $HOME/.ssh/config file with "BatchMode yes".

Check the ssh_config man page.
Reply
Gordon Morrison
Trusted Contributor

тАО08-10-2005 03:32 AM

тАО08-10-2005 03:32 AM

Re: ssh password

I've attached the procedure I use for setting up passwordless ssh logins.
Share And Enjoy
What does this button do?
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.