HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- Server Management - Systems Insight Manager
- >
- OpenSSH .shosts hostbased authentication
Server Management - Systems Insight Manager
1833934
Members
1825
Online
110063
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2004 09:10 PM
05-05-2004 09:10 PM
OpenSSH .shosts hostbased authentication
This is slightly off topic, but I'm hoping to be able to configure the openssh version which ships with SIM in order that a management system in our environment can execute scripted (and scheduled) ssh commands. Normally we would use psexec from pstools, but in this instance the target machine is behind a firewall.
Eg. ssh -l username remotehost command_to_execute
The default install of openssh requires password authentication, but openssh is capable of host based authentication to negate this (and thus stop the interactive password requirement).
Has anyone managed to get this functionality working with the hp openssh implementation?
TIA
Ben
Eg. ssh -l username remotehost command_to_execute
The default install of openssh requires password authentication, but openssh is capable of host based authentication to negate this (and thus stop the interactive password requirement).
Has anyone managed to get this functionality working with the hp openssh implementation?
TIA
Ben
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-06-2004 09:19 AM
05-06-2004 09:19 AM
Re: OpenSSH .shosts hostbased authentication
Ben,
OpenSSH should be OpenSSH, so there should be typically no difference. I downloaded OpenSSH and am using that.
The fact it's behind a firewall should make no difference except that you have to allow the SSH traffic through the firewall.
Alas, I'm still battling the fun of OpenSSH within IM. But, you should be able to test login etc. to SSH via any of the standard utilities, e.g. the SSH Client or Putty.
OpenSSH should be OpenSSH, so there should be typically no difference. I downloaded OpenSSH and am using that.
The fact it's behind a firewall should make no difference except that you have to allow the SSH traffic through the firewall.
Alas, I'm still battling the fun of OpenSSH within IM. But, you should be able to test login etc. to SSH via any of the standard utilities, e.g. the SSH Client or Putty.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-06-2004 07:49 PM
05-06-2004 07:49 PM
Re: OpenSSH .shosts hostbased authentication
Rob,
I agree, the firewall is not an issue, ssh is allowed through. Standard ssh logins work very well, what I am attempting to do is allow a login without any user interaction.
The reason I'm attempting to do this is because I need the ability to remotely execute commands on the target machine but in a scripted manner. Normally we would use psexec from the pstools suite, but this requires MSRPC and a lot of shoehorning in order to work across a firewall.
The default install of openssh requires an interactive login so as it stands is not viable for a scripted solution.... but, openssh supports .rhosts and .shosts hostbased login (which requires no interactive logon), I'm having difficulty getting this to work and just wondered if anyone else had managed it in a windows environment before.
Thanks for your response,
Ben
I agree, the firewall is not an issue, ssh is allowed through. Standard ssh logins work very well, what I am attempting to do is allow a login without any user interaction.
The reason I'm attempting to do this is because I need the ability to remotely execute commands on the target machine but in a scripted manner. Normally we would use psexec from the pstools suite, but this requires MSRPC and a lot of shoehorning in order to work across a firewall.
The default install of openssh requires an interactive login so as it stands is not viable for a scripted solution.... but, openssh supports .rhosts and .shosts hostbased login (which requires no interactive logon), I'm having difficulty getting this to work and just wondered if anyone else had managed it in a windows environment before.
Thanks for your response,
Ben
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-11-2004 02:28 AM
11-11-2004 02:28 AM
Re: OpenSSH .shosts hostbased authentication
I know this thread is rather old, but I just found it. There doesn't seem to be a solution posted however, and I have got this working. I was searching the forums to try and find out what .shosts is for, as this solution doesn't use it.
anyway...
First, on host1 you need to make sure that a directory called .ssh exists in the user's home directory (we'll assume root). To keep it secure, create it with 700 permissions:
mkdir -m 700 .ssh
Then you need to generate a public/private key pair:
ssh-keygen -t dsa -f ~/.ssh/id_dsa
Now copy the public key to host2:
cd .ssh
scp id_dsa.pub root@host2:~/.ssh/id_dsa.tmp
(You still need to supply the password at this point)
Now on host2, add that public key to the list of authorised keys:
ssh host2
(Password still needed)
cd .ssh
cat id_dsa.tmp >> authorized_keys
(Note American spelling!!! "authorized" with a zed)
chmod 640 authorized_keys
root on host1 can now login to host2 without a password.
To get this working in both directions (i.e. root on host2 can also log in to host1 without a password), you basically do the same thing in reverse: Create a public key on host2 and copy it to host1.
NOTE: Do not overwrite the original id_dsa.pub file, or you will have un-done all of the above. also, do not overwrite the authorized_keys file: just append to it.
Basically the key in id_dsa.pub on the local host must match an entry in the authorized_keys file on the remote host for the password to be skipped. The authorized_keys file can contain several entries. Just keep appending to it as shown above.
Hope that helps
Gordon
anyway...
First, on host1 you need to make sure that a directory called .ssh exists in the user's home directory (we'll assume root). To keep it secure, create it with 700 permissions:
mkdir -m 700 .ssh
Then you need to generate a public/private key pair:
ssh-keygen -t dsa -f ~/.ssh/id_dsa
Now copy the public key to host2:
cd .ssh
scp id_dsa.pub root@host2:~/.ssh/id_dsa.tmp
(You still need to supply the password at this point)
Now on host2, add that public key to the list of authorised keys:
ssh host2
(Password still needed)
cd .ssh
cat id_dsa.tmp >> authorized_keys
(Note American spelling!!! "authorized" with a zed)
chmod 640 authorized_keys
root on host1 can now login to host2 without a password.
To get this working in both directions (i.e. root on host2 can also log in to host1 without a password), you basically do the same thing in reverse: Create a public key on host2 and copy it to host1.
NOTE: Do not overwrite the original id_dsa.pub file, or you will have un-done all of the above. also, do not overwrite the authorized_keys file: just append to it.
Basically the key in id_dsa.pub on the local host must match an entry in the authorized_keys file on the remote host for the password to be skipped. The authorized_keys file can contain several entries. Just keep appending to it as shown above.
Hope that helps
Gordon
What does this button do?
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP