Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SSH with Keyboard Interactive
Special Forums UNIX and Linux Applications SSH with Keyboard Interactive Post 302392062 by royalliege on Wednesday 3rd of February 2010 08:57:19 AM
Old 02-03-2010
If I set PasswordAuthentication yes; then it doesn't require interactive input. The SSH program that my friends use can save passwords; that is the main problem actually. Anyone access to their computer can login to any server they want without entering passwords which causes security problem. Linux servers became ok; after setting the parameter KbdInteractiveAuthentication which isn't in any sshd man. All sshd man look the same actually, i don't know why.
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

ERROR : Permission denied (publickey,password,keyboard-interactive).

Hello, when I try to connect to a remote machine through SSH username@host I am getting the error message Permission denied (publickey,password,keyboard-interactive). Can any one tell me what is the problem. the key is added in the remote machines authorized_keys file. (5 Replies)
Discussion started by: deepusunil
5 Replies

2. Shell Programming and Scripting

Exit SSH if it is interactive

I am writing an automation that will ssh into hundreds of system and run a few commands. I ll be looping from ip X.X.X.10 to X.X.X.200 I have public key set up ready for "most" of them to run ssh non interactively. However some of the systems in these ip range do not have the public private key... (2 Replies)
Discussion started by: vickylife
2 Replies

3. Shell Programming and Scripting

SSH non-interactive

Hi, I want to know how to use SSH non-interactively? I am already able to use sftp -b <batch file> user@host so public/private key set-up already is in place. But my supervisor has told me to use SSH now I want to know how it can be done? I want to do something like: done_files=`ssh ls... (7 Replies)
Discussion started by: dips_ag
7 Replies

4. Shell Programming and Scripting

Non-interactive FTP within SSH session not working

Hello everyone! I am trying to log-in to a remote server over SSH, transfer file1 there, perform some checks, capture the results in file2 and transfer file2 back to my local server - all of this non-interactively. Initially, I tried to do this within a singe SSH session, using the following... (2 Replies)
Discussion started by: Subu1987
2 Replies

5. AIX

SSH Error - Permission denied (publickey,keyboard-interactive)

Hello, I'm trying to setup password less authentication to remote ssh server. I generated the public key and gave it to the vendor and The key is added in the remote machines authorized_keys file. When I try to connect to a remote machine through SFTP username@host I am getting the error... (4 Replies)
Discussion started by: nice_chapp
4 Replies

6. Shell Programming and Scripting

ksh script with Interactive ssh on remote server

HI Unix Gurus, I an stuck in an interesting issue, where I am trying to execute a script on remote server after ssh. The script on remote server is interactive,. Whenever it is called it hangs where it expects input from terminal and I have to terminate it. I have searched through fourm... (12 Replies)
Discussion started by: Jeevanm
12 Replies

7. Red Hat

Password less SSH for non-interactive NUID

We have a script which rsyncs two directories on two servers. This rsync will happen with the ID svID. But the script runs with the Control-M ID opID. we have setup password less SSH for svID, but it fails with Host key verification failed when the script is executed by opID. As opID is a... (1 Reply)
Discussion started by: Madimi
1 Replies

8. Red Hat

Su-only account with ssh capability and no interactive login

Hello experts, Is it possible to have an user account on RHEL 6.3 as a su-only account, but with ssh capability and no interactive login? Let me elaborate. Say, we have a cluster of 5 RHEL 6.3 servers and an user account (strmadmin) on each of the server as an su-only... (1 Reply)
Discussion started by: naveendronavall
1 Replies

9. Shell Programming and Scripting

Interactive script through ssh AIX UNIX

I wish to launch a script with ssh command. This script launches a menu. The menu displays well but I can't interact with it. Can you help me :confused: ? (1 Reply)
Discussion started by: khalidou13
1 Replies

10. Shell Programming and Scripting

Issues making SSH non-Interactive

I fire the rsyn command as below: rsync --delay-updates -F --compress --archive -e "/usr/bin/ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no" user1@myhost.server.com:/tmp/jarexplorer-0.7.jar /web/admin/data/ The above command get interpreted as below: ssh -vvv -o... (4 Replies)
Discussion started by: mohtashims
4 Replies

LEARN ABOUT DEBIAN

sshpass

SSHPASS(1)							Sshpass User Manual							SSHPASS(1)

NAME

       sshpass - noninteractive ssh password provider

SYNOPSIS

       sshpass [-ffilename|-dnum|-ppassword|-e] [options] command arguments

DESCRIPTION

       This manual page documents the sshpass command.

       sshpass	is  a  utility	designed for running ssh using the mode referred to as "keyboard-interactive" password authentication, but in non-
       interactive mode.

       ssh uses direct TTY access to make sure that the password is indeed issued by an interactive keyboard user. Sshpass runs ssh in a dedicated
       tty, fooling it into thinking it is getting the password from an interactive user.

       The command to run is specified after sshpass' own options. Typically it will be "ssh" with arguments, but it can just as well be any other
       command. The password prompt used by ssh is, however, currently hardcoded into sshpass.

Options
       If no option is given, sshpass reads the password from the standard input. The user may give at most one alternative source for	the  pass-
       word:

       -ppassword
	      The password is given on the command line. Please note the section titled "SECURITY CONSIDERATIONS".

       -ffilename
	      The password is the first line of the file filename.

       -dnumber
	      number is a file descriptor inherited by sshpass from the runner. The password is read from the open file descriptor.

       -e     The password is taken from the environment variable "SSHPASS".

SECURITY CONSIDERATIONS

       First and foremost, users of sshpass should realize that ssh's insistance on only getting the password interactively is not without reason.
       It is close to impossible to securely store the password, and users of sshpass should consider whether ssh's public key authentication pro-
       vides the same end-user experience, while involving less hassle and being more secure.

       The -p option should be considered the least secure of all of sshpass's options.  All system users can see the password in the command line
       with a simple "ps" command. Sshpass makes a minimal attempt to hide the password, but such attempts are doomed to  create  race	conditions
       without	actually  solving  the problem. Users of sshpass are encouraged to use one of the other password passing techniques, which are all
       more secure.

       In particular, people writing programs that are meant to communicate the password programatically are encouraged to use an  anonymous  pipe
       and pass the pipe's reading end to sshpass using the -d option.

RETURN VALUES

       As with any other program, sshpass returns 0 on success. In case of failure, the following return codes are used:

       1      Invalid command line argument

       2      Conflicting arguments given

       3      General runtime error

       4      Unrecognized response from ssh (parse error)

       5      Invalid/incorrect password

       6      Host public key is unknown. sshpass exits without confirming the new key.

       In  addition,  ssh  might be complaining about a man in the middle attack. This complaint does not go to the tty. In other words, even with
       sshpass, the error message from ssh is printed to standard error. In such a case ssh's return code is reported back. This is  typically	an
       unimaginative (and non-informative) "255" for all error cases.

EXAMPLES

       Run rsync over SSH using password authentication, passing the password on the command line:

       rsync --rsh='sshpass -p 12345 ssh -l test' host.example.com:path .

       To do the same from a bourne shell script in a marginally less exposed way:

       SSHPASS=12345 rsync --rsh='sshpass -e ssh -l test' host.example.com:path .

BUGS

       Sshpass	is in its infancy at the moment. As such, bugs are highly possible. In particular, if the password is read from stdin (no password
       option at all), it is possible that some of the input aimed to be passed to ssh will be read by sshpass and lost.

       Sshpass utilizes the pty(7) interface to control the TTY for ssh. This interface, at least on Linux, has a misfeature  where  if  no  slave
       file  descriptors  are open, the master pty returns EIO. This is the normal behavior, except a slave pty may be born at any point by a pro-
       gram opening /dev/tty. This makes it impossible to reliably wait for events without consuming 100% of the CPU.

       Over the various versions different approaches were attempted at solving this problem.  Any given version of sshpass is released  with  the
       belief  that it is working, but experience has shown that these things do, occasionally, break. This happened with OpenSSH version 5.6.	As
       of this writing, it is believed that sshpass is, again, working properly.

Lingnu Open Source Consulting					  August 6, 2011							SSHPASS(1)
All times are GMT -4. The time now is 07:35 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy