This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!![Shared Keys on Linux]
Here is an example [command-line]:
{{{
$ ssh ndsuser@sh.svr.willeke.com "ls -l /var/nds/dib/*.TAO"
}}}
You do have to be in sh.svr.willeke.com as ndsuser, as the SSH configuration is unique for each shell account.
Here are the notes made to set this up on another host:
{{{
# Setting up password-less SSH access (Servers running OpenSSH -- EMR standard)
ssh-keygen -t rsa  ## only have to do this once
# Repeat these steps on each remote system
scp ~/.ssh/id_rsa.pub ndsuser@serverName.svr.willeke.com:mykey.pub
ssh ndsuser@serverName.svr.willeke.com
# Run these [command-lines] in the remote shell
# sshd (StrictModes) ignores authorized_keys if ~/.ssh or the file is writable by others
if [ ! -d ./.ssh ]; then mkdir ./.ssh; chmod 700 ./.ssh; fi
cat mykey.pub >> .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
rm mykey.pub
}}}
!We worked with a client that was using F-Secure
Here is what we did there.
{{{
# Setting up password-less SSH access (For servers running F-Secure -- rare these days)
# Export the original OpenSSH public key in SSH2 (SECSH, RFC 4716) format
ssh-keygen -ef ~/.ssh/id_rsa.pub > ~/.ssh/my-secsh-key.pub
scp ~/.ssh/my-secsh-key.pub ndsuser@serverName.svr.willeke.com:
ssh ndsuser@serverName.svr.willeke.com
# Run these in the remote shell: install the key and list it in the authorization file
mv ./my-secsh-key.pub ./.ssh2/E017122.DTUSU33608RF.pub
echo "Key E017122.DTUSU33608RF.pub" >> ./.ssh2/authorization
}}}
!!!The Agent
The Agent is the program, ssh-agent, that runs on the local machine and acts as your proxy when an ssh command requires a passphrase.
Normally you would type a password or passphrase when requested by ssh or scp. However, the agent can provide the passphrase for you. The trick is telling the SSH commands to get the passphrase from the agent rather than you. First you must "prime" the agent and then you must "attach" the agent to one or more processes.
!Priming the Agent
To "prime" the agent issue the following [command-lines] (on the local machine):
{{{
ssh_info_file=~/.ssh-agent-info-`hostname`
ssh-agent >$ssh_info_file
chmod 600 $ssh_info_file
. $ssh_info_file
ssh-add ~/.ssh/identity
ssh-add ~/.ssh/id_dsa
ssh-add ~/.ssh/id_rsa
}}}
Each ssh-add command will prompt you for the appropriate passphrase.
Note the output of hostname is appended to the name of the ssh agent info file. This distinguishes the name of the file from other instances of the file that may be created in a multi-host, shared home directory environment.
It's convenient to capture this sequence in a shell script:
{{{
#!/bin/bash
# Creates an ssh-agent, writes ssh agent info
# to the file '~/.ssh-agent-info-`hostname`' and then prompts
# user for keys. Then any shell can use the agent
# by sourcing the contents of ~/.ssh-agent-info-`hostname`:
# . ~/.ssh-agent-info-`hostname`
ssh_info_file=~/.ssh-agent-info-`hostname`
ssh-agent >$ssh_info_file
chmod 600 $ssh_info_file
. $ssh_info_file
# Add each private key; ssh-add prompts for its passphrase
for i in identity id_dsa id_rsa
do
  ssh-add ~/.ssh/$i
done
}}}
Save this script as ssh_prime in your home directory. Now you can type:
{{{
source ssh_prime
}}}
You need only "prime" your agent once each time you reboot your machine. The agent will stay active across logins.
Now you should be able to connect, without entering a password, to all remote machines that have the public keys you generated earlier.
Note that the shell command source ssh_prime both primes the agent and attaches it to the current shell process (and its children). However, in some cases (example given below), you may need to explicitly attach the agent to a process after the agent has been primed.
Some helpful URLs:
*[http://www.cs.wustl.edu/~mdeters/how-to/ssh/|http://www.cs.wustl.edu/~mdeters/how-to/ssh/]
*[http://www.massey.ac.nz/~jriden/passwordless-ssh.html|http://www.massey.ac.nz/~jriden/passwordless-ssh.html]
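As an added example (not part of the original page), here is one way to attach an already-primed agent to a new shell. The function name attach_agent is hypothetical; it reads the info file written by ssh_prime, accepts it only if it is a regular file owned by you with mode 600, parses the two variables instead of sourcing the file, and reports a stale file (for instance after a reboot).

```shell
# Added example, not from the original page. attach_agent is a hypothetical
# helper; the default path matches the info file written by ssh_prime.
# Return codes: 0 attached, 1 no info file, 2 unsafe file, 3 stale agent.
attach_agent() {
    _f=${1:-$HOME/.ssh-agent-info-$(hostname)}

    # 1: the agent was never primed on this host, or the file was removed.
    [ -e "$_f" ] || { echo "no agent info file: $_f" >&2; return 1; }

    # 2: accept only a regular file (not a symlink), owned by us, mode 600.
    #    find prints the path only when every predicate matches.
    if [ -z "$(find "$_f" -prune -type f -user "$(id -u)" -perm 600 2>/dev/null)" ]; then
        echo "unsafe owner or mode on $_f (want regular file, mode 600)" >&2
        return 2
    fi

    # Extract the two assignments ssh-agent writes rather than executing
    # the file, so a tampered file cannot run commands in this shell.
    _sock=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$_f")
    _pid=$(sed -n 's/^SSH_AGENT_PID=\([0-9][0-9]*\);.*/\1/p' "$_f")

    # 3: the file outlived its agent (reboot, agent killed): socket or pid gone.
    if [ ! -S "$_sock" ] || ! kill -0 "$_pid" 2>/dev/null; then
        echo "stale agent info in $_f; run: source ssh_prime" >&2
        return 3
    fi

    SSH_AUTH_SOCK=$_sock
    SSH_AGENT_PID=$_pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}
```

Define the function in your shell start-up file and call attach_agent in any shell that needs the agent; a return code of 3 means the agent has to be primed again.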
----
When doing this from a Solaris-to-Windows server it seems (from reading through debug listings) that you need to add an "identification" file in the /home/xxx/.ssh2 directory on the Unix side, with the information listed at this URL:
http://backuppc.sourceforge.net/faq/ssh.html
Scroll (or search) down to the "identification" section.
Also be aware that some Windows servers may prefer a DSA key format vs an RSA key format, when using ssh-keygen -t ... (haven't figured that one out yet...but at least this is working for now.)