Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Controlling a child's stdin/stdout (not working with scp)
Top Forums Programming Controlling a child's stdin/stdout (not working with scp) Post 302403498 by Corona688 on Friday 12th of March 2010 05:47:14 PM
Old 03-12-2010
Quote:
Originally Posted by DreamWarrior
Much appreciated, and yes I agree, this is a much better solution than my hacking away supposing they'll let me do it. They may still say "well, if your dreamwarrior account gets hacked then the hacker has access to everything now...don't they." In which case, I suppose I can use the passphrase on the key and at least (according to Corona) I should only have to enter the passphrase once to enable the key and never again. Then there's another level of security.
The trick is you need to run ssh-agent, export the variables it gives you, then run ssh-add, at which point it will ask you for the password for your key. Once that's done, you'll be able to ssh, sftp, or scp into anything that accepts that key without a password until you kill that instance of ssh-agent. I login in the morning, enter the password once, do any remote stuff without any further passwords prompts, then kill the agent and logout at the end of the day Smilie
Code:
$ ssh-agent
SSH_AUTH_SOCK=/tmp/ssh-jDJEL19095/agent.19095; export SSH_AUTH_SOCK;
SSH_AGENT_PID=19096; export SSH_AGENT_PID;
echo Agent pid 19096;
$ SSH_AUTH_SOCK=/tmp/ssh-jDJEL19095/agent.19095; export SSH_AUTH_SOCK;
$ SSH_AGENT_PID=19096; export SSH_AGENT_PID;
$ ssh-add
Enter passphrase for /home/xyz/.ssh/id_dsa:
Identity added: /home/xyz/.ssh/id_dsa (/home/xyz/.ssh/id_dsa)
$ ssh anemone
Last login: Thu Mar 11 16:01:39 CST 2010 from mecgentoo.vpn on ssh
Last login: Fri Mar 12 16:57:17 2010 from mecgentoo.vpn
xyz@anemone ~ $

If you need to login to one remote machine from another remote machine, it can even forward ssh-agent from one machine to another if you use ssh -A.
Last edited by Corona688; 03-12-2010 at 06:58 PM..
 

10 More Discussions You Might Find Interesting

1. Programming

Controlling child processes

Hello all, I am trying to create n child processes and control them from a parent process; say make child 3 print its pid and then child 5 do the same and some other stuff. Is there a way to accomplishing this after all the child processes are created via a call to fork(). Thank you, FG (23 Replies)
Discussion started by: forumGuy
23 Replies

2. Programming

C++ How to use pipe() & fork() with stdin and stdout to another program

Hi, Program A: uses pipe() I am able to read the stdout of PROGAM B (stdout got through system() command) into PROGRAM A using: * child -> dup2(fd, STDOUT_FILENO); -> execl("/path/PROGRAM B", "PROGRAM B", NULL); * parent -> char line; -> read(fd, line, 100); Question:... (2 Replies)
Discussion started by: vvaidyan
2 Replies

3. Programming

stdout/stdin + flushing buffers

Hi all I've run into a snag in a program of mine where part of what I entered in at the start of run-time, instead of the current value within printf() is being printed out. After failing with fflush() and setbuf(), I tried the following approach void BufferFlusher() { int in=0;... (9 Replies)
Discussion started by: JamesGoh
9 Replies

4. UNIX for Dummies Questions & Answers

Redirect stdin stdout to multiple files

Hi, i know how to a) redirect stdout and stderr to one file, b) and write to two files concurrently with same output using tee command Now, i want to do both the above together. I have a script and it should write both stdout and stderr in one file and also write the same content to... (8 Replies)
Discussion started by: ysrini
8 Replies

5. Shell Programming and Scripting

can't close stdin/stdout in shell

#!/bin/sh exec 0</dev/null exec 1>/dev/null ls -l /proc/self/fd >&2 produces total 0 lr-x------ 1 tyler users 64 Feb 18 10:38 0 -> /proc/7886/fd lrwx------ 1 tyler users 64 Feb 18 10:38 1 -> /dev/pts/4 lrwx------ 1 tyler users 64 Feb 18 10:38 2 -> /dev/pts/4 I've verified the shell is... (10 Replies)
Discussion started by: Corona688
10 Replies

6. Shell Programming and Scripting

Redirecting stdin/stdout to/from command from/to string

Hi, I am working on a project where I have to generate and execute nasm code on-the-fly. I generate the code in a file program.asm and then execute it.This output is to stdout which i redirect to an output file which i read back to compare results: system("nasm -f elf program.asm >... (5 Replies)
Discussion started by: doc_cypher
5 Replies

7. Programming

read and write stdin/stdout in unix

Hi, i am using the below program to read from the standard input or to write to standard out put. i know that using highlevel functions this can be done better than what i have done here. i just want to know is there any other method by which i find the exact number of characters ( this... (3 Replies)
Discussion started by: MrUser
3 Replies

8. UNIX for Dummies Questions & Answers

STDIN and STDOUT

Hallo, i have a script like: if ;then echo "OK" else echo "ERROR $2 is missing" fi; if ;then touch $2 fi; if ;then cat $1 | grep xy > $2 (1 Reply)
Discussion started by: eightball
1 Replies

9. Shell Programming and Scripting

Controlling the Number of Child processes

I am trying to implement the below using Ksh script on a Lx machine. There is a file(input_file) with 100K records. For each of these records, certain script(process_rec) needs to be called with the record as input. Sequential processing is time-consuming and parallel processing would eat up... (2 Replies)
Discussion started by: APT_3009
2 Replies

10. Shell Programming and Scripting

[stdin / stdout] Strategies for redirecting outputs

Well.. let's say i need to write a pretty simple script. In my script i have 2 variables which can have value of 0 or 1. $VERBOSE $LOG I need to implement these cases: ($VERBOSE = 0 && $LOG = 0) => ONLY ERROR output (STDERR to console && STDOUT to /dev/null) ($VERBOSE = 1... (5 Replies)
Discussion started by: Marmz
5 Replies

LEARN ABOUT DEBIAN

ssh-agent

SSH-AGENT(1)						    BSD General Commands Manual 					      SSH-AGENT(1)

NAME

     ssh-agent -- authentication agent

SYNOPSIS

     ssh-agent [-c | -s] [-d] [-a bind_address] [-t life] [command [arg ...]]
     ssh-agent [-c | -s] -k

DESCRIPTION

     ssh-agent is a program to hold private keys used for public key authentication (RSA, DSA, ECDSA).	The idea is that ssh-agent is started in
     the beginning of an X-session or a login session, and all other windows or programs are started as clients to the ssh-agent program.  Through
     use of environment variables the agent can be located and automatically used for authentication when logging in to other machines using
     ssh(1).

     The options are as follows:

     -a bind_address
	     Bind the agent to the UNIX-domain socket bind_address.  The default is $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>.

     -c      Generate C-shell commands on stdout.  This is the default if SHELL looks like it's a csh style of shell.

     -d      Debug mode.  When this option is specified ssh-agent will not fork.

     -k      Kill the current agent (given by the SSH_AGENT_PID environment variable).

     -s      Generate Bourne shell commands on stdout.	This is the default if SHELL does not look like it's a csh style of shell.

     -t life
	     Set a default value for the maximum lifetime of identities added to the agent.  The lifetime may be specified in seconds or in a time
	     format specified in sshd_config(5).  A lifetime specified for an identity with ssh-add(1) overrides this value.  Without this option
	     the default maximum lifetime is forever.

     If a commandline is given, this is executed as a subprocess of the agent.	When the command dies, so does the agent.

     The agent initially does not have any private keys.  Keys are added using ssh-add(1).  When executed without arguments, ssh-add(1) adds the
     files ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/id_ecdsa and ~/.ssh/identity.  If the identity has a passphrase, ssh-add(1) asks for the
     passphrase on the terminal if it has one or from a small X11 program if running under X11.  If neither of these is the case then the authen-
     tication will fail.  It then sends the identity to the agent.  Several identities can be stored in the agent; the agent can automatically use
     any of these identities.  ssh-add -l displays the identities currently held by the agent.

     The idea is that the agent is run in the user's local PC, laptop, or terminal.  Authentication data need not be stored on any other machine,
     and authentication passphrases never go over the network.	However, the connection to the agent is forwarded over SSH remote logins, and the
     user can thus use the privileges given by the identities anywhere in the network in a secure way.

     There are two main ways to get an agent set up: The first is that the agent starts a new subcommand into which some environment variables are
     exported, eg ssh-agent xterm &.  The second is that the agent prints the needed shell commands (either sh(1) or csh(1) syntax can be gener-
     ated) which can be evaluated in the calling shell, eg eval `ssh-agent -s` for Bourne-type shells such as sh(1) or ksh(1) and eval `ssh-agent
     -c` for csh(1) and derivatives.

     Later ssh(1) looks at these variables and uses them to establish a connection to the agent.

     The agent will never send a private key over its request channel.	Instead, operations that require a private key will be performed by the
     agent, and the result will be returned to the requester.  This way, private keys are not exposed to clients using the agent.

     A UNIX-domain socket is created and the name of this socket is stored in the SSH_AUTH_SOCK environment variable.  The socket is made accessi-
     ble only to the current user.  This method is easily abused by root or another instance of the same user.

     The SSH_AGENT_PID environment variable holds the agent's process ID.

     The agent exits automatically when the command given on the command line terminates.

FILES

     ~/.ssh/identity
	     Contains the protocol version 1 RSA authentication identity of the user.

     ~/.ssh/id_dsa
	     Contains the protocol version 2 DSA authentication identity of the user.

     ~/.ssh/id_ecdsa
	     Contains the protocol version 2 ECDSA authentication identity of the user.

     ~/.ssh/id_rsa
	     Contains the protocol version 2 RSA authentication identity of the user.

     $TMPDIR/ssh-XXXXXXXXXX/agent.<ppid>
	     UNIX-domain sockets used to contain the connection to the authentication agent.  These sockets should only be readable by the owner.
	     The sockets should get automatically removed when the agent exits.

SEE ALSO

     ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)

AUTHORS

     OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
     Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH.  Markus Friedl contributed the support for SSH
     protocol versions 1.5 and 2.0.

BSD
								 November 21, 2010							       BSD
All times are GMT -4. The time now is 03:45 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy