Capture RSA fingerprint from ssh response


 
Old 04-10-2009

Hi.

I'm trying to automate access to an Amazon Web Services machine instance. What this means is that my script is trying to use ssh to connect to a new server every time. I know the RSA fingerprint of my new server through an out-of-band channel.

I would like to capture the RSA fingerprint returned by my first attempt to connect with ssh, compare with the known value, and then proceed with connection only if they match.

This is an example response from manual interaction with ssh:
Code:
The authenticity of host 'notreal (123.456.78.90)' can't be established.
RSA key fingerprint is 46:1b:c6:2e:e9:63:a2:60:7c:ad:05:14:a9:93:23:da.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.

Here's what I have so far:
Code:
# call ssh but decline to connect. We can parse out the RSA fingerprint
# from the response.
CHECK_FP=`ssh -t -t -i ~/.ec2/id_rsa-gsg-keypair root@$EC2_HOST 2>&1 <<EOF
no
EOF`
echo "The ssh returned fingerprint is $CHECK_FP"


Unfortunately CHECK_FP is returning "Host key verification failed", i.e. only the line after the user interaction. Also, my attempt to feed the "no" response automatically doesn't work either and I still have to enter it myself.

How can I call ssh, feeding it the correct "no" response and store the complete string from ssh for parsing?

Alternatively, is there another tool which can ask the server for the RSA fingerprint? Nothing from the ssh toolset looks appropriate.

Limitations: I'm on a small NAS Linux box, so installing expect and its Tcl dependencies isn't an option. Other options I've looked at involve finding the public RSA key of the server and storing it in known_hosts, but I don't think the public RSA key is available.

Thanks!

Last edited by Yogesh Sawant; 04-10-2009 at 08:23 AM.. Reason: added code tags
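
Added example, not part of the original post: one way to do the check described above without answering ssh's prompt is to fetch the host's public key line, compute its MD5 fingerprint, compare it with the out-of-band value, and pin the key in a dedicated known_hosts file only on a match. The function names, `SAMPLE_LINE` and the `known_hosts_ec2` path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names and SAMPLE_LINE are hypothetical.

# Print the MD5 fingerprint (aa:bb:... as in ssh's prompt) of one
# known_hosts-style line: "<host> <keytype> <base64-blob>".
hostkey_md5_fp() {
    blob=$(printf '%s\n' "$1" | awk 'NR==1 {print $3}')
    [ -n "$blob" ] || return 1
    # Reject blobs that are not valid base64 before hashing.
    printf '%s' "$blob" | base64 -d >/dev/null 2>&1 || return 1
    # The fingerprint is the MD5 digest of the decoded key blob.
    printf '%s' "$blob" | base64 -d | md5sum | cut -c1-32 |
        sed 's/../&:/g; s/:$//'
}

# Append the key line to a known_hosts file only if its fingerprint equals
# the value obtained out of band. Returns 0 on match, 1 otherwise.
pin_host_key() {
    line=$(printf '%s\n' "$1" | sed -n '1p')
    actual=$(hostkey_md5_fp "$line") || return 1
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # hex case is not significant
    if [ "$actual" != "$want" ]; then
        echo "fingerprint mismatch: got $actual, expected $want" >&2
        return 1
    fi
    printf '%s\n' "$line" >> "$3"
}

# Constructed offline sample: "YWJj" decodes to "abc"; it is not a real key.
SAMPLE_LINE='host.example ssh-rsa YWJj'
hostkey_md5_fp "$SAMPLE_LINE"

# Live use (needs network; EXPECTED_FP comes from the out-of-band channel):
#   kh=$HOME/.ssh/known_hosts_ec2
#   pin_host_key "$(ssh-keyscan -t rsa "$EC2_HOST" 2>/dev/null)" \
#       "$EXPECTED_FP" "$kh" &&
#   ssh -o UserKnownHostsFile="$kh" -o StrictHostKeyChecking=yes \
#       -i ~/.ec2/id_rsa-gsg-keypair root@"$EC2_HOST"
```

Connecting with `StrictHostKeyChecking=yes` against the pinned file means ssh refuses the session unless the server presents the same key that was just verified, so a key swapped between the scan and the login is rejected. Newer OpenSSH releases print SHA256 fingerprints by default, so the out-of-band value must be in the same MD5 colon-hex form for this comparison.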