HPE Community
Operating System - HP-UX
1754358 Members
4496 Online
108813 Solutions
New Discussion юеВ

using ssh instead of remsh

 
SOLVED
Go to solution
Mauro Gatti
Valued Contributor

тАО07-16-2003 03:23 AM

тАО07-16-2003 03:23 AM

using ssh instead of remsh

I'd like to run a command on machine B using a script running from machine A.
I know I can use remsh into script to do this (setting .rhosts) but it is possible to use instead of remsh ssh?

Thank You
Ubi maior, minor cessat!
0 Kudos
Reply
10 REPLIES 10
T G Manikandan
Honored Contributor

тАО07-16-2003 03:32 AM

тАО07-16-2003 03:32 AM

Re: using ssh instead of remsh

Yes, you can.
Get the software Openssh from

http://hpux.cs.utah.edu

Reply
Mauro Gatti
Valued Contributor

тАО07-16-2003 03:35 AM

тАО07-16-2003 03:35 AM

Re: using ssh instead of remsh

I've yet SSH. My problem is to give user password from script.
A way like:

ssh -l user host <password
EOT

doesn't work because I'm prompted to insert password and "password" into script is take like a command to esecute after login...
Ubi maior, minor cessat!
0 Kudos
Reply
Pete Randall
Outstanding Contributor

тАО07-16-2003 03:36 AM

тАО07-16-2003 03:36 AM

Solution

Re: using ssh instead of remsh

More specifically, from:

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/openssh-3.6.1p1/


Pete



Pete
Reply
Karthik S S
Honored Contributor

тАО07-16-2003 04:41 AM

тАО07-16-2003 04:41 AM

Re: using ssh instead of remsh

I had asked a similar question sometime back. Few people suggested me to use expect. Though many didn't really like that Idea. However I am happy using expect for that particular task. Read on,

http://forums.itrc.hp.com/cm/QuestionAnswer/1,,0x4c550ea029a2d711abdc0090277a778c,00.html

Regards,
Karthik S S
For a list of all the ways technology has failed to improve the quality of life, please press three. - Alice Kahn
Reply
Steven E. Protter
Exalted Contributor

тАО07-16-2003 05:29 AM

тАО07-16-2003 05:29 AM

Re: using ssh instead of remsh

Wherever you had a script that said remesh change it to ssh.

To have password free connections and commands and copying under Secure Shell, follow the attached document.

Cheers. Its nice to see people wanting to stop the use of old, insecure protocols. Perhaps someday Ignite will use Secure Shell/ssh.....

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Krishna Prasad
Trusted Contributor

тАО07-16-2003 05:53 AM

тАО07-16-2003 05:53 AM

Re: using ssh instead of remsh

What you do is generate a key using the command /usr/local/bin/ssh-keygen. You then move the public key to the server you want to run the remote script on. You put this key in the users .ssh/authorized_key file.

You can do a man on ssh for more options and details. You can do this becuase we do it here not only between HP-UX machines but between HP-UX machines and NT,Windows 2K, Linux machines.

You also get scp instead of rcp and sftp instead of ftp if you want to use them. All encrypted not plain text.
Positive Results requires Positive Thinking
Reply
Andrew Cowan
Honored Contributor

тАО07-16-2003 10:24 PM

тАО07-16-2003 10:24 PM

Re: using ssh instead of remsh

Once you've setup your SSH and shared-key, so long as you didn't attach a passphrase to they key, you can now run commands directly on the remote host:

ssh -l user host command

The best solution is to copy your script to the remote host, test it locally, then call it as:

ssh -l user host "script > logfile"

In that way you have the minimum possible interaction over the network, and shold not be caught-out by unexpected user-prompts etc.
Reply
Scott Corzine
Advisor

тАО07-17-2003 10:15 AM

тАО07-17-2003 10:15 AM

Re: using ssh instead of remsh

I agree that creating a private key w/o passphrase will accomplish this and may be your best bet.

One cavaet: Anyone who can read the contents of the private key file ONCE can copy it and save it for later (illicit use). You won't necessarily know it has been copied, and changing/adding a passphrase at a later time won't help. You will have to generate and install a new key -- but this isn't hard. In fact, it is prudent to regularly replace and discard such keys (between 1/month and 1/year minimum).

However, you can reduce the danger:

A little known feature of sshd is that you can place restrictions on a particular key in the $HOME/.ssh/.authorized_keys file (this is for OpenSSH). These can require connections come "from" a particular IP address, restrict it to a particular "command" (which you probably want), limit X11, port, and agent forwarding, etc. These are put at the beginning of the line. See the manual page for sshd(8).

I recommend that any private key w/o a passphrase use at least the "command" restriction. If you need multiple commands to run against the same account you can generate multiple keys (1 per command).

-Scott-
Reply
Caesar_3
Esteemed Contributor

тАО07-17-2003 01:38 PM

тАО07-17-2003 01:38 PM

Re: using ssh instead of remsh

Hello!

Yes you can, ssh is use the same parameters
that the remsh use.
So no problem tp replace, all you need is to
install the SSH pack.

Caesar
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.