ssh - at login Passphrase for key required
Post 28954 by HappyByte on Thursday 26th of September 2002 05:51:27 PM
Below are my notes on using scp.
Maybe the auth method will help for sftp also.

User mailreplicator must exist on all machines.
User mailreplicator must have a valid shell (bash or so).

Now you can access or use scp to any of the hosts w/o pass:

/usr/bin/scp -pBqC -P 2200 mailreplicator@rc.host.com:/var/qmail/control/virtualdomains .

----------------------------------
su - mailreplicator

#1) generate rsa & dsa keys
ssh-keygen -t rsa
ssh-keygen -t dsa

#2) prepare remote authorized_keys2
cat .ssh/id_rsa.pub .ssh/id_dsa.pub > .ssh/authorized_keys2
mkdir .ssh/.ssh
cp .ssh/authorized_keys2 .ssh/.ssh

#3) fix permissions
/usr/bin/find .ssh -type d -exec /bin/chmod 700 \{} \;
/usr/bin/find .ssh -type f -exec /bin/chmod 600 \{} \;

#4) propagate keys on all hosts !!! PASSWORDS are now required
scp -pvqC -P 2200 -c 3des -r .ssh/.ssh mailreplicator@rc.host.com:/usr/home/mailreplicator/.ssh
scp -pvqC -P 2200 -c 3des -r .ssh/.ssh mailreplicator@bb.host.com:/usr/home/mailreplicator/.ssh
scp -pvqC -P 2200 -c 3des -r .ssh/.ssh mailreplicator@ob.host.com:/usr/home/mailreplicator/.ssh
scp -pvqC -P 2200 -c 3des -r .ssh/.ssh mailreplicator@m1.host.com:/usr/home/mailreplicator/.ssh
scp -pvqC -P 2200 -c 3des -r .ssh/.ssh mailreplicator@h1.host.com:/usr/home/mailreplicator/.ssh
scp -pvqC -P 2200 -c 3des -r .ssh/.ssh mailreplicator@ac.host.com:/usr/home/mailreplicator/.ssh
scp -pvqC -P 2200 -c 3des -r .ssh/.ssh mailreplicator@sm.host.com:/usr/home/mailreplicator/.ssh
scp -pvqC -P 2200 -c 3des -r .ssh/.ssh mailreplicator@host.com:/usr/home/mailreplicator/.ssh
----------------------------------
HappyByte
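
An added example, not part of HappyByte's post: a POSIX shell audit of a .ssh directory laid out as in steps 2 and 3 above. It reports modes other than the 700/600 that step 3 sets, authorized_keys entries with no options field (such as from= or command=), and ssh-dss (DSA) keys. The key blobs, the address 192.0.2.10 and the command path are constructed sample values.

```sh
#!/bin/sh
# audit_ssh_dir DIR: print one finding per line; no output means nothing flagged.
audit_ssh_dir() {
    dir=$1
    # Step 3 of the post sets directories to 700 and files to 600.
    find "$dir" -type d ! -perm 700 | sed 's/^/MODE-DIR /'
    find "$dir" -type f ! -perm 600 | sed 's/^/MODE-FILE /'
    for f in "$dir"/authorized_keys "$dir"/authorized_keys2; do
        [ -f "$f" ] || continue
        awk -v f="$f" '
            /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
            # An entry that begins with the key type has no options field,
            # so authorized_keys places no limit on source host or command.
            $1 ~ /^(ssh-|ecdsa-|sk-)/ { print "UNRESTRICTED " f ":" NR }
            # ssh-dss (DSA) keys are disabled by default since OpenSSH 7.0.
            /(^|[ \t])ssh-dss[ \t]/   { print "DSA-KEY " f ":" NR }
        ' "$f"
    done
}

# Constructed sample: two bare keys as produced by step 2, plus one entry
# restricted with from=/command= options (hypothetical host and command).
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/.ssh"
    printf '%s\n' \
        '# constructed sample keys, not real key material' \
        'ssh-rsa AAAAB3SAMPLE1 mailreplicator@sample' \
        'ssh-dss AAAAB3SAMPLE2 mailreplicator@sample' \
        'from="192.0.2.10",command="/usr/local/bin/send-virtualdomains",no-pty,no-port-forwarding ssh-rsa AAAAB3SAMPLE3 restricted' \
        > "$d/.ssh/authorized_keys2"
    chmod 700 "$d/.ssh"
    chmod 644 "$d/.ssh/authorized_keys2"   # deliberately not 600
    echo "$d/.ssh"
}

sample=$(make_sample)
audit_ssh_dir "$sample"
rm -rf "${sample%/.ssh}"
```
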

SSH-KEYSIGN(8)            BSD System Manager's Manual            SSH-KEYSIGN(8)

NAME
     ssh-keysign -- ssh helper program for host-based authentication

SYNOPSIS
     ssh-keysign

DESCRIPTION
     ssh-keysign is used by ssh(1) to access the local host keys and generate
     the digital signature required during host-based authentication with SSH
     protocol version 2.

     ssh-keysign is disabled by default and can only be enabled in the global
     client configuration file /etc/ssh/ssh_config by setting EnableSSHKeysign
     to ``yes''.

     ssh-keysign is not intended to be invoked by the user, but from ssh(1).
     See ssh(1) and sshd(8) for more information about host-based
     authentication.

FILES
     /etc/ssh/ssh_config
             Controls whether ssh-keysign is enabled.

     /etc/ssh/ssh_host_dsa_key
     /etc/ssh/ssh_host_ecdsa_key
     /etc/ssh/ssh_host_rsa_key
             These files contain the private parts of the host keys used to
             generate the digital signature. They should be owned by root,
             readable only by root, and not accessible to others. Since they
             are readable only by root, ssh-keysign must be set-uid root if
             host-based authentication is used.

     /etc/ssh/ssh_host_dsa_key-cert.pub
     /etc/ssh/ssh_host_ecdsa_key-cert.pub
     /etc/ssh/ssh_host_rsa_key-cert.pub
             If these files exist they are assumed to contain public
             certificate information corresponding with the private keys
             above.

SEE ALSO
     ssh(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY
     ssh-keysign first appeared in OpenBSD 3.2.

AUTHORS
     Markus Friedl <markus@openbsd.org>

BSD                             August 31, 2010                            BSD