SSH - Prompting for password | Unix Linux Forums | UNIX for Advanced & Expert Users

  Go Back    


UNIX for Advanced & Expert Users Expert-to-Expert. Learn advanced UNIX, UNIX commands, Linux, Operating Systems, System Administration, Programming, Shell, Shell Scripts, Solaris, Linux, HP-UX, AIX, OS X, BSD.

SSH - Prompting for password

UNIX for Advanced & Expert Users


Tags
linux

Closed Thread    
 
Thread Tools Search this Thread Display Modes
    #1  
Old 06-09-2005
shihabvk shihabvk is offline
Registered User
 
Join Date: May 2005
Last Activity: 14 July 2009, 8:56 AM EDT
Posts: 54
Thanks: 0
Thanked 0 Times in 0 Posts
SSH - Prompting for password

Hi,
Can anybody tell me a way to do ssh , without prompting for password from keyboard, Using RSA. The requirement is I need to create the key , using passphrase also.....
Is there any way to do it in UNIX ?
I am doing it from AIX machine , but remote machine is Linux
I tried my best , couldn't succeed
Shihab

Last edited by shihabvk; 06-09-2005 at 03:41 AM..
Sponsored Links
    #2  
Old 06-10-2005
tom_xx_hu@yahoo tom_xx_hu@yahoo is offline
Registered User
 
Join Date: May 2005
Last Activity: 15 July 2005, 10:55 PM EDT
Posts: 40
Thanks: 0
Thanked 0 Times in 0 Posts
There is so called "Host based authentication" can do the job. I can't provide full detail but you can google with above string. It mainly depends on ssh server and wherether the ssh client on AIX knows how to talk to the openssh ssh daemon on linux.

Tom
Sponsored Links
    #3  
Old 06-10-2005
Just Ice's Avatar
Just Ice Just Ice is offline Forum Advisor  
Lights on, brain off.
 
Join Date: Mar 2005
Last Activity: 20 September 2013, 10:59 AM EDT
Location: Philadelphia metro
Posts: 958
Thanks: 3
Thanked 66 Times in 59 Posts
if your SSH versions on both servers are talking in the same protocol --- OpenSSH v2 and OpenSSH v2 or OpenSSH v1 and OpenSSH v1 --- see "man ssh-keygen" for scripting options ...

otherwise, see the OpenSSH website for more tips ...
    #4  
Old 06-28-2005
etc etc is offline
Registered User
 
Join Date: May 2005
Last Activity: 14 December 2009, 5:08 PM EST
Posts: 19
Thanks: 0
Thanked 0 Times in 0 Posts
1) on the machine you are connecting from:

ssh-keygen -t dsa
hit enter and enter when it asks you for a password

2) cd $HOME/.ssh

3) scp id_dsa.pub root@<IP_address_of_machine_connecting_TO:/tmp

4) Get on the machine connecting TO and:

5) cat /tmp/id_dsa.pub >> $HOME/.ssh/authorized_keys

Note:

SSH has to be of roughly the same version and should use the same algorithm, i.e. either only rsa or only dsa. Be consistent. I am not sure if OpenSSH will work with SSH. It likely will, but if not, install OpenSSH on both machines.

Now you are able to connect passwordless. On the machine connecting from:

ssh root@<machine_connecting_to> uname -a

and it will show you the output of that command. Also can do ssh root@<machine_connecting_to>

Second Note:

Make sure that all files in $HOME/.ssh are chmoded to 600. SSH will not work if anything is say 755, world readable, even if the .ssh direction is not.

Last edited by etc; 06-28-2005 at 02:04 PM..
Sponsored Links
    #5  
Old 07-09-2005
hadarot hadarot is offline
Registered User
 
Join Date: Jul 2005
Last Activity: 8 December 2005, 3:36 AM EST
Posts: 33
Thanks: 0
Thanked 0 Times in 0 Posts
...a more secure method

The only issue with the above outlined process is that you now have a totally unencrypted private key laying around your hard drive, which is a security risk. So you should not always use this method of no password on the key, depending on other security factors, such as if your home directory is on an NFS exported directory within a large network, thus more vulnerable to attack.
Consider using ssh-agent. You can read about it in the online man or www.openssh.org. In this case, you supply a password when you generate your keys. I.e., when you do the ssh-keygen -t rsa command, don't simply hit enter twice, but actually enter a password when it prompts you for one. This will encrypt your private key, and to be able to use it you need to specify the password. But here is the cool thing: with ssh-agent, you only need to enter the password once per login session, and ssh-agent lets you reuse the key with no pawword authentication for the rest of that session. Thus you enter the key's password once, and then you can do ssh, scp, and sftp without any password authentication whatsoever.
(The entire process is real easy to do. For step by step instructions, see http://www.cc.gatech.edu/cns/software/ssh-agent.html.)

Last edited by hadarot; 07-09-2005 at 05:16 PM..
Sponsored Links
    #6  
Old 07-25-2005
vertigo23's Avatar
vertigo23 vertigo23 is offline
Registered User
 
Join Date: Jul 2005
Last Activity: 22 April 2011, 6:50 PM EDT
Location: SF, CA
Posts: 74
Thanks: 1
Thanked 0 Times in 0 Posts
Quote:
Originally Posted by hadarot
The only issue with the above outlined process is that you now have a totally unencrypted private key laying around your hard drive, which is a security risk. So you should not always use this method of no password on the key, depending on other security factors, such as if your home directory is on an NFS exported directory within a large network, thus more vulnerable to attack.
While this is certainly true, sometimes using unencrypted ssh private keys is the most secure way to carry out some tasks. For example, if I wanted to copy an file from one server to another server every night at 3am, that would be a good time to use an unencrypted ssh key.

To mitiage the risk, as mentioned above, you should make 100% sure that the directory containing the keys isn't being shared or served, and that the permissions on the private key are 0400 (user read-only). In the example above, where the user is only doing file copies, you should look into using a restricted shell like rssh, so that even if the key is compromised, the scope of attacks is much more limited.
Sponsored Links
    #7  
Old 07-26-2005
blowtorch's Avatar
blowtorch blowtorch is offline Forum Advisor  
AFK
 
Join Date: Dec 2004
Last Activity: 28 July 2014, 9:39 AM EDT
Location: UK
Posts: 2,351
Thanks: 0
Thanked 6 Times in 6 Posts
BTW, ssh will not work if permissions on the files are not restricted to the owner (read only for group/others will not work).
Sponsored Links
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
su through normal user prompting for password. giridhar276 Shell Programming and Scripting 2 03-20-2012 02:38 PM
running a script using su - without prompting password d3xt3r Shell Programming and Scripting 3 12-11-2011 07:11 PM
scp without prompting for password satish@123 UNIX for Advanced & Expert Users 9 05-29-2011 03:25 AM
ssh via java prompting for password nrworld Programming 3 08-25-2010 11:57 AM
sftp prompting for password dsravan UNIX for Dummies Questions & Answers 1 05-03-2007 07:47 PM



All times are GMT -4. The time now is 09:21 AM.