07-23-2012
Quote:
Originally Posted by
Scott
The code looks OK, but without knowing the values of the variables, how can we know for sure? (I would just say that you're scp'ing a file to a remote server, then chmod'ing it locally).
I'd be surprised if you Googled "password-less authentication using SSH" and didn't get a good answer.
I will take a look at Google to see if I can come up with something that helps.
Basically we are SCPing a file onto the same server, just with a different account as the files are owned by (app)proc and we are logged in with the application account that initiates the launch of the script.
Is this the proper way to move files owned by a different account or is there something else we should be doing to have this as the end result?
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi, When Iam trying to do SFTP it is asking for password everytime. Can I have any alternative where I can provide the password in script itself. Because there are some control-M jobs which runs without user interaction. So please let me know the script where we can provide the password in the... (2 Replies)
Discussion started by: manneni prakash
2 Replies
2. Windows & DOS: Issues & Discussions
Hi,
I installed OpenSSH for Windows v3.8.1 on a Windows Server 2003 R2.
From my pc (which is running windows XP), I can run commands like scp to the server.
But its prompting me for a password.
I googled some more and found out about the public/private keys which i set up.
But... (2 Replies)
Discussion started by: wala_lang
2 Replies
3. Shell Programming and Scripting
Hi,
I want to establish a passwordless sftp between the two servers. I've searched the net and know the steps to be taken; which are as follows:
$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (~/.ssh/id_rsa):
~/.ssh/id_rsa already... (3 Replies)
Discussion started by: dips_ag
3 Replies
4. Shell Programming and Scripting
Hi,
In our project we already have a passwordless sftp with -b (batchfile) option working but there have been some new application rolled out at the client site and they want us to raise the DEBUG option somebody suggested to use following options with sftp command
-oLogLevel=DEBUG... (4 Replies)
Discussion started by: dips_ag
4 Replies
5. Cybersecurity
Hi,
I set up the keys on local and remote server. If I simply do:
sftp xxx.xxx.xxx.xxx
It works without asking for a password. But if I change the command to:
sftp user@server it prompts me for password.
Anybody know how to rectify this? Thanks a bunch.
EDIT: I copied the key... (3 Replies)
Discussion started by: tetra
3 Replies
6. Shell Programming and Scripting
Hello all,
I have a requirement, in which we need to stage a package to Unix remote server in an automation (we cant use ssh key generation) , do u have any idea how we can transfer the package to remote server using sftp .if you have any script plz share it to me (4 Replies)
Discussion started by: Ramji Sundaram
4 Replies
7. Solaris
Hello Experts,
I am trying to setup passwordless sftp from one of linux box to solaris box.
I have generated key-pair and below is the permissions of the respective files.
drwx------. 2 sftpuser sftpuser 4096 Dec 17 23:57 .ssh
drwx------. 2 sftpuser sftpuser 4096 Dec 17 23:57 .... (16 Replies)
Discussion started by: sai_2507
16 Replies
8. UNIX for Dummies Questions & Answers
I know the "how to setup passwordless SSH" question is asked probably 5 times a week.
I know how to setup passwordless SSH, it's not tough, however after reinstalling linux on my server, I found a problem. I could SSH into my server just fine, no password required, however SCP still required a... (4 Replies)
Discussion started by: corrado33
4 Replies
9. Shell Programming and Scripting
Hi,
I am using the below command in
suexec -u webuser /local/Tomcat7//0/tc7u/tomcat7.sh status
But it prompts for the password of executing user.
Let me know if any options available for passwordless or supplying password in script. (0 Replies)
Discussion started by: pravinbtech
0 Replies
10. UNIX for Beginners Questions & Answers
Hi
I am trying to do SFTP in shell script in such a way that it should not ask for password.
for this is use below script but it prompt for password. here I am not abled to understand where I am making mistake.
#!/bin/bash
# SFTP TO remote server
USER="ITO"
PASSWORD="abcd@1234"... (4 Replies)
Discussion started by: scriptor
4 Replies
LEARN ABOUT PLAN9
krb5_auth_rules
krb5_auth_rules(5) Standards, Environments, and Macros krb5_auth_rules(5)
NAME
krb5_auth_rules - Overview of Kerberos V5 authorization
DESCRIPTION
When a user uses kerberized versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user is "who
he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
is permitted to access the Solaris user account that the client wants to access.
Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file should
contain a Kerberos principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.
If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)). If the originating
user's Kerberos V5 identity is in the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
the originating user is denied access.
For example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database (see passwd(4)) with uid 23154, then
access to account jdb-user is granted. Of course, normally, the target account name in this example would be jdb and not jdb-user.
Finally, if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
be granted access to the account if and only if all of the following are true:
o The user part of the authenticated principal name is the same as the target account name specified by the client.
o The realm part of the client and server are the same.
o The target account name exists on the server.
For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM, then even if
jdb is a valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
differ.
FILES
~/.k5login Per user-account authorization file.
/etc/passwd System account file. This information may also be in a directory service. See passwd(4).
ATTRIBUTES
See attributes(5) for a description of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)
NOTES
To avoid security problems, the ~/.k5login file must be owned by the remote user.
SunOS 5.10 13 Apr 2004 krb5_auth_rules(5)