Prompted for password when reverse SSH connecting


 
# 1  
Old 04-06-2015

Dear Experts,

I am writing a batch script to transfer files from server AA to BB without prompting for password. Already, ssh keys have been generated in BB and public key of BB has been stored in AA as part of some other project requirement. So, I thought of reusing this. I can now transfer files from AA to BB using any of the below options.
  1. sftp from BB to AA and then "mget" the files
  2. run scp in BB to transfer files from AA to BB

However, in both these cases, I have to connect from BB to AA. But due to some internal requirements, my script has to run only in server AA and not BB. When I try to run sftp/scp in my script in server AA, it is prompting for password. I understand that I can create SSH keys in AA and then store the public key in BB. But is there a way to avoid this, since an SSH connection already exists from BB to AA?

Saw many posts in unix.com and google too. Doesn't seem to narrow down on what I need. Please assist.

Also, why is it that I am able to connect only from BB to AA and not the other way around? I am guessing this is due to some restrictions set up while creating the keys. Please clarify. Details below.

OS of both the servers:
HP-UX 11.11

public key (id_dsa.pub) in server BB:
ssh-dss............................... userid@BB

Thanks heaps.

# 2  
Old 04-06-2015
In your setup, BB is the active part, the client, and AA is sort of the server. If you want the roles reversed, you'll need to generate a key pair for AA on AA and store the public key on BB. There's no way around this.
You may want to consider "centralized" authentication, e.g. Kerberos, but you'd need to implement it on every single server that you want to access.
# 3  
Old 04-07-2015
Thanks, Rudi. I hoped there was a work-around. Problem is that I have to connect from multiple servers to server BB where all files are merged. So, now I have to create a public key in each of these servers and place them all in BB.
# 4  
Old 04-07-2015
You have two choices then:-
  1. Generate an SSH key pair on each client that wants to connect to AA and store the public key for each in the ~/.ssh/authorized_keys files on server AA (one on each line)
  2. Generate a single SSH key pair on server AA and copy the private key to each client
The second option makes things slightly easier, but much more difficult to dismantle later on, should the need arise. I would strongly recommend option 1.



Robin
# 5  
Old 04-08-2015
Thanks, Robin. But regarding second option, is it advisable to place the private keys in other servers? Is this normally followed?
# 6  
Old 04-09-2015
It's probably not preferred as if you have a security breach on one server and need to change the key-pair, it affects all the servers. It is a little more work initially, but I would always go for option 1.




Robin
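
Added example (not part of the original posts): the two options from post #4 and the revocation concern from post #6, shown as shell functions that maintain an `authorized_keys` file on the receiving server. The paths, the `batch@clientN` comments and the key strings are constructed placeholders, and the functions assume plain `type blob comment` lines with no option prefix.

```shell
#!/bin/sh
# Added example (not from the thread). Key strings are constructed
# placeholders, not real keys; the file paths are hypothetical.

# add_key FILE LINE: append a "type blob comment" public-key line once.
add_key() {
    file=$1; line=$2
    dir=$(dirname "$file")
    mkdir -p "$dir" && chmod 700 "$dir"   # StrictModes refuses group/world-writable paths
    touch "$file" && chmod 600 "$file"
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    [ -n "$blob" ] || return 1            # malformed line: no key blob
    if awk -v b="$blob" '$2 == b { found = 1 } END { exit !found }' "$file"; then
        return 0                          # this key is already authorized
    fi
    printf '%s\n' "$line" >> "$file"
}

# revoke_key FILE COMMENT: remove every key whose trailing comment is COMMENT.
revoke_key() {
    file=$1; comment=$2; tmp="$file.tmp.$$"
    awk -v c="$comment" '$NF != c' "$file" > "$tmp" &&
        chmod 600 "$tmp" && mv "$tmp" "$file"
}

# count_keys FILE: number of non-blank, non-comment entries.
count_keys() {
    awk 'NF && $1 !~ /^#/ { n++ } END { print n + 0 }' "$1"
}

# demo: revoke one client under each option and print how many keys remain.
demo() {
    d=${TMPDIR:-/tmp}/akdemo.$$
    for i in 1 2 3; do                    # option 1: one key pair per client
        add_key "$d/opt1/authorized_keys" "ssh-rsa AAAAB3CONSTRUCTED$i batch@client$i"
    done
    # option 2: every client holds a copy of the same private key
    add_key "$d/opt2/authorized_keys" "ssh-rsa AAAAB3CONSTRUCTEDSHARED batch@shared"
    revoke_key "$d/opt1/authorized_keys" "batch@client2"
    revoke_key "$d/opt2/authorized_keys" "batch@shared"
    echo "option 1: $(count_keys "$d/opt1/authorized_keys") keys still authorized"
    echo "option 2: $(count_keys "$d/opt2/authorized_keys") keys still authorized"
    rm -rf "$d"
}
demo
```

With one key per client, revoking `batch@client2` leaves the other two entries working; with the shared key, the only way to cut off one client is to remove the single entry that every client depends on.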
# 7  
Old 04-15-2015
Thanks, Robin.