Operating System - HP-UX

SSH between 2 servers with no password and anonymous

 
Marty Metras
Super Advisor


How do I do this?
I'm using ssh with an authorized_keys file.
I'm also using the 'ssh hostname /script/to/execute.sh' command as the users.
It works fine.
I want to execute this remote script with most any anonymous user. If I use 'ssh user@hostname /the/script.sh' it prompts for a password.
How can I create a connection between the servers so users do not get prompted for the password?
I think what I am asking for is an anonymous SSH connection between 2 servers.
Can you help?
Marty
The only thing that always remain the same are the changes.
Steven E. Protter
Exalted Contributor

Re: SSH between 2 servers with no password and anonymous

Secure shell is not designed to allow anonymous access.

You will have to exchange public keys for every individual user you intend to execute the script.

I'm attaching a doc, but think you already have one.

You could design a shared user that lots of people are allowed to use. When you switch users however, to maintain security, SSH wants a password.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Marty Metras
Super Advisor

Re: SSH between 2 servers with no password and anonymous

Steven,
What I have is a script that the users would execute that would do all the connecting to the remote server.
Would I need to create an authorized_keys for each local user? Or could I use the same key for all of them?
Meaning would each user need a key on the remote server?
Maybe one user on the remote server with a key for each user that can connect?
Marty
The only thing that always remain the same are the changes.
Keith Buck
Respected Contributor

Re: SSH between 2 servers with no password and anonymous

Two options:

1. Create a unique user (call him 'anonymous') to execute this script. Put all remote users' public keys into the authorized_keys file. Then all users can log in as that user on the system in question and run the script with no password. You can further restrict access by making the script to execute the 'shell' so that that is the only command that can be executed when logging in as that user (which may or may not help, depending on side effects in the script).
Downside: you don't know which user logged in, and you're executing everything as the same user.

2. There is an option called HostbasedAuthentication in the sshd_config file that trusts the 'host' rather than each individual user. This is equivalent in the rhosts world to hosts.equiv, but does proper authentication of the client host.
I think this implies that each user would still connect as their own user.

3. Something you don't want to do: generate a key pair and put the public key in every user's authorized_keys file, then distribute the private key to all users who will connect. The obvious consequence is that everyone gets to log in as everyone else, which defeats the purpose of having distinct users.

4. Twist on #1: you could generate a single key pair, put the public key in user anonymous' authorized_keys file, and distribute the private key to all authorized users. If someone changes jobs, then you delete that public key and redistribute a new private key (a bit ugly as you can't do it for just the person who left).

Hope that helps.

-Keith
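
Option 1 above, sketched as an added example (not code from the thread or from any poster): a POSIX shell function that builds the shared account's authorized_keys from one public key file per user and puts a forced command plus no-forwarding options in front of every key. The `<user>.pub` directory layout, the function name and the script path are assumptions.

```shell
#!/bin/sh
# Added example: generate authorized_keys lines for a shared "anonymous" account.
# Assumptions (not from the thread): each user's public key is stored as
# <user>.pub in one directory; the admin passes the script path to force.

# Options set on every key: only the forced command runs, no forwarding, no tty.
KEY_OPTS='no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'

# build_authorized_keys <pubkey_dir> <forced_command>
# Prints one restricted authorized_keys line per valid <user>.pub file.
build_authorized_keys() {
    dir=$1
    forced=$2
    for f in "$dir"/*.pub; do
        [ -f "$f" ] || continue
        user=$(basename "$f" .pub)
        # A public key file is one line: "<type> <base64 blob> [comment]".
        # read fails on a missing final newline but still fills the variables.
        read -r ktype kblob _rest < "$f" || [ -n "$ktype" ] || continue
        case $ktype in
            ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
            *) echo "skipping $f: not a public key line" >&2; continue ;;
        esac
        [ -n "$kblob" ] || continue
        # Replace the key's comment with the owner's name so each line is attributable.
        printf 'command="%s",%s %s %s %s\n' \
            "$forced" "$KEY_OPTS" "$ktype" "$kblob" "$user"
    done
}

# Usage: sh build_keys.sh /path/to/pubkeys /the/script.sh > authorized_keys.new
if [ $# -eq 2 ]; then
    build_authorized_keys "$1" "$2"
fi
```

With a forced command in place, sshd runs that script whatever command the client asks for. Because every user keeps a separate line, one person's access is removed by deleting that line, without reissuing a key to everyone as in option 4.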
Marty Metras
Super Advisor

Re: SSH between 2 servers with no password and anonymous

Kevin,
This sounds good.
All the users will run the job from a menu and I Apps controls the security and a log is created. Using a KEY for each user on the local side with putting the KEY in the one remote user is doable.
What about making my script run as a different user?
Meaning user A or B runs the script that runs as user C. User C has the KEY.
How would that work?
su - userC -c /the/script
How does this deal with the local password?
Marty
The only thing that always remain the same are the changes.