07-25-2005
Quote:
Originally Posted by hadarot
The only issue with the above outlined process is that you now have a totally unencrypted private key laying around your hard drive, which is a security risk. So you should not always use this method of no password on the key, depending on other security factors, such as if your home directory is on an NFS exported directory within a large network, thus more vulnerable to attack.
While this is certainly true, sometimes using unencrypted ssh private keys is the most secure way to carry out some tasks. For example, if I wanted to copy an file from one server to another server every night at 3am, that would be a good time to use an unencrypted ssh key.
To mitiage the risk, as mentioned above, you should make 100% sure that the directory containing the keys isn't being shared or served, and that the permissions on the private key are 0400 (user read-only). In the example above, where the user is only doing file copies, you should look into using a restricted shell like rssh, so that even if the key is compromised, the scope of attacks is much more limited.
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I have the problem with SFTP; BELOW IS the entry from my ssh_config file
It's prompting me for password all the time when using SFTP. pLEASE help. (1 Reply)
Discussion started by: dsravan
1 Replies
2. Programming
Hi,
I have set up my remote server for password-less login via ssh. If I run the command on my server - ssh user@remoteserver "ls -l"
I get an output, but when I try to do this via java
String sCmd = new String{"/usr/bin/ssh", " user@remoteserver", "\"ls -l\""};
Process p =... (3 Replies)
Discussion started by: nrworld
3 Replies
3. UNIX for Advanced & Expert Users
I am trying to copy a file from remote machine using scp. I followed the steps to configure public/private key usage. But still prompting for password when I do ssh.
I did the following steps to configure scp without asking password
Step 1 : local host > ssh-keygen -t rsa and when prompted... (9 Replies)
Discussion started by: satish@123
9 Replies
4. Red Hat
There are two servers :
1. Site
2. Testing
from site server i want to connect testing server with ssh password less authentication.
i generated public and private keys with ssh-keygen -t rsa on site server.
cat id_rsa >> authorized_keys
cat id_rsa.pub >> authorized_keys
i... (15 Replies)
Discussion started by: rehantayyab82
15 Replies
5. UNIX for Dummies Questions & Answers
Hello,
I'm trying to perform these operations without entering any password, as user "fzd":fzd@machine1> scp /tmp/srcFile1 fzd@machine2:/tmp/$destFile
fzd@machine1> scp fzd@machine2:/tmp/$srcFile /tmp/$destFilebut alsofzd@machine1> scp /tmp/srcFile1 machine2:/tmp/$destFile
fzd@machine1> scp... (6 Replies)
Discussion started by: fzd
6 Replies
6. Shell Programming and Scripting
Hi,
I have SVN installed in my UNIX solaris server.
I actually automated the process that downloads code from SVN server to UNIX solaris server in script. When i run the script, its asking for password to download every element.
Its really difficult to type password for every element when... (3 Replies)
Discussion started by: gthangav
3 Replies
7. Shell Programming and Scripting
Hi,
When i am trying to connect to other server using ssh coomand, it is prompting for password.
But i want to hardcode it with username so that it should not prompt for password.
And i dont want to use "ssh-keygen" method as it is not allowed.
Please help me.
Regards,
Mukta (7 Replies)
Discussion started by: Mukta
7 Replies
8. Shell Programming and Scripting
Hi All,
I am trying to transfer a file from one server to a remote server using SFTP. Client is not ready for key setup.
I am working on Solaris 10.
Here is the code.
#!/bin/ksh
# sample automatic Sftp script to dump a file
USER="user1"
PASSWORD="pass1"
HOST="host1"
sftp $USER@$HOST... (6 Replies)
Discussion started by: megha2525
6 Replies
9. UNIX for Dummies Questions & Answers
Dear unix experts,
i have a requirement as below.
i need to use SFTP as FTP.
ftp -n -v << ENDFTP
open test_ftp.server
user ftp_user_name ftp_password
quit
ENDFTP
if i use this in a shell script, it's not asking for password. But i want the similar thing achived using... (5 Replies)
Discussion started by: AraR87
5 Replies
10. Shell Programming and Scripting
// Red Hat Enterprise Linux Server release 6.7
I wanted to pass the password, but when I execute this cron, it stops at Password: prompt.
Please advise on how to fix the error. Thank you for tour help in advance.
#!/usr/bin/ksh
su - pmserver
echo "su - pmserver"
cd... (2 Replies)
Discussion started by: Daniel Gate
2 Replies
LEARN ABOUT REDHAT
ssh-add
SSH-ADD(1) BSD General Commands Manual SSH-ADD(1)
NAME
ssh-add -- adds RSA or DSA identities to the authentication agent
SYNOPSIS
ssh-add [-lLdDxX] [-t life] [file ...]
ssh-add -s reader
ssh-add -e reader
DESCRIPTION
ssh-add adds RSA or DSA identities to the authentication agent, ssh-agent(1). When run without arguments, it adds the files
$HOME/.ssh/id_rsa, $HOME/.ssh/id_dsa and $HOME/.ssh/identity. Alternative file names can be given on the command line. If any file requires
a passphrase, ssh-add asks for the passphrase from the user. The passphrase is read from the user's tty. ssh-add retries the last
passphrase if multiple identity files are given.
The authentication agent must be running and must be an ancestor of the current process for ssh-add to work.
The options are as follows:
-l Lists fingerprints of all identities currently represented by the agent.
-L Lists public key parameters of all identities currently represented by the agent.
-d Instead of adding the identity, removes the identity from the agent.
-D Deletes all identities from the agent.
-x Lock the agent with a password.
-X Unlock the agent.
-t life
Set a maximum lifetime when adding identities to an agent. The lifetime may be specified in seconds or in a time format specified in
sshd(8).
-s reader
Add key in smartcard reader.
-e reader
Remove key in smartcard reader.
FILES
$HOME/.ssh/identity
Contains the protocol version 1 RSA authentication identity of the user.
$HOME/.ssh/id_dsa
Contains the protocol version 2 DSA authentication identity of the user.
$HOME/.ssh/id_rsa
Contains the protocol version 2 RSA authentication identity of the user.
Identity files should not be readable by anyone but the user. Note that ssh-add ignores identity files if they are accessible by others.
ENVIRONMENT
DISPLAY and SSH_ASKPASS
If ssh-add needs a passphrase, it will read the passphrase from the current terminal if it was run from a terminal. If ssh-add does
not have a terminal associated with it but DISPLAY and SSH_ASKPASS are set, it will execute the program specified by SSH_ASKPASS and
open an X11 window to read the passphrase. This is particularly useful when calling ssh-add from a .Xsession or related script.
(Note that on some machines it may be necessary to redirect the input from /dev/null to make this work.)
SSH_AUTH_SOCK
Identifies the path of a unix-domain socket used to communicate with the agent.
DIAGNOSTICS
Exit status is 0 on success, 1 if the specified command fails, and 2 if ssh-add is unable to contact the authentication agent.
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH. Markus Friedl contributed the support for SSH
protocol versions 1.5 and 2.0.
SEE ALSO
ssh(1), ssh-agent(1), ssh-keygen(1), sshd(8)
BSD
September 25, 1999 BSD