[ale] automating an ssh script?

Joseph A Knapka jknapka at earthlink.net
Thu Jul 25 11:19:02 EDT 2002


"ChangingLINKS.com" wrote:
> 
> I really hate to bug you about this. I have been reading the man pages, and
> guessing at this process - but I keep meeting resistance. Could you please
> show me what needs to be done command line by command line? I even tried
> connecting ssh to my local machine (because some web page implied it). Please
> please please help me by giving me *exactly* what I enter line by line.

Well, I have never used ssh-agent, so I can't tell you anything
about that. When I need to log into a machine without using
a password, I do this:

(1) Add the contents of ~/.ssh/identity.pub on the machine I'm
ssh'ing *from* to the file ~/.ssh/authorized_keys on the machine
I'm ssh'ing *to* (the user names on the two machines do not
have to be the same).

(2) Ensure that RSA authentication is enabled for both
the server and the client ("RSAAuthentication yes" in
sshd_config on the server, and in ssh_config on the
client). sshd_config and ssh_config will be in the
config directory that was specified when installing
ssh, probably /etc/ssh or /usr/local/etc/ssh.

You should run ssh-keygen before you use any other ssh
utility for the first time. You only need to run ssh-keygen
once. It creates the files ~/.ssh/identity and ~/.ssh/identity.pub.
You can't just make up the contents of those files, or use
empty files; they must be the ones generated by ssh-keygen.
 
HTH,

-- Joe

> 1. Here is what I thought would work:
> ssh-agent               //just to see the output
> eval `ssh-agent`       //to get the agent running and see the output
> Add  eval `ssh-agent` to your ~/.bash_profile    //so service to run on login?
>  touch  ~/.ssh/identity  //did this because trying to run ssh-add did not work
>  chmod 400 ~/.ssh/identity //did this because ssh-add complained
> ssh-add ~/.ssh/identity // did this because I just don't understand anything
> ssh-keygen -p password   //to create the public and private key files?
> 
> 2. Now when I try to ssh to my server, it does ALL of this every time:
> [werd@change werd]$ ssh user@shell1.host.com
> Enter passphrase for key '/home/werd/.ssh/identity':
> Enter passphrase for key '/home/werd/.ssh/identity':
> Enter passphrase for key '/home/werd/.ssh/identity':
> user@shell1.host.com's password:
> Last login: Thu Jul 25 07:47:22 2002 from adsl-33-146-210.asm.bellsouth.net
> [user@shell1 user]$
> 
> So, now I have something LESS convenient than before. Not sure why it asks
> for the passphrase 3 times (reminds me of Austin Powers "the spy who shagged
> me" where Austin had to ask a secret agent questions 3 times before the agent
> would finally spill the secret). I am so lost.
> 
> On Thursday 25 July 2002 00:44, Joseph A Knapka wrote:
> > "ChangingLINKS.com" wrote:
> > > K, I was following the directions on:
> > > http://www-106.ibm.com/developerworks/linux/library/l-keyc2/
> > > to try to get ssh-agent to work. Unfortunately, I ran into something
> > > that does not seem to be covered by the directions.
> > >
> > > I got to a point where it wanted my passphrase. I hit it with
> > > every passphrase I could think of and . . . see result below.
> > > Here's the history:
> > >
> > > Question? Does anyone know what is going on?
> >
> > Yes.
> >
> > > [werd@funker werd]$ ssh-agent
> > > SSH_AUTH_SOCK=/tmp/ssh-XXRTZLfH/agent.3271; export SSH_AUTH_SOCK;
> > > SSH_AGENT_PID=3272; export SSH_AGENT_PID;
> > > echo Agent pid 3272;
> > > [werd@funker werd]$
> > > [werd@funker werd]$
> > > [werd@funker werd]$
> > > [werd@funker werd]$ eval `ssh-agent`
> > > Agent pid 3274
> > > [werd@funker werd]$ ssh-add ~/.ssh/identity
> > > /home/werd/.ssh/identity: No such file or directory
> >
> > (1) Use ssh-keygen to generate ~/.ssh/identity and ~/.ssh/identity.pub.
> > The first is your personal private key, the second is your personal
> > public key.
> >
> > > [werd@funker werd]$ touch  ~/.ssh/identity
> > > [werd@funker werd]$  ssh-add ~/.ssh/identity
> > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > > @         WARNING: UNPROTECTED PRIVATE KEY FILE!          @
> > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> >
> > (2) Be sure that ~/.ssh/identity is writable by no one, and
> > readable only by you. IOW "chmod 400 ~/.ssh/identity".
> >
> > > Permissions 0664 for '/home/werd/.ssh/identity' are too open.
> > > It is recommended that your private key files are NOT accessible by
> > > others. This private key will be ignored.
> > > bad permissions: ignore key: /home/werd/.ssh/identity
> > > Enter passphrase for /home/werd/.ssh/identity:
> > >
> > > [werd@funker werd]$ chmod 700 /home/werd/.ssh/identity
> > > [werd@funker werd]$  ssh-add ~/.ssh/identity
> > > Enter passphrase for /home/werd/.ssh/identity:
> >
> > (3) ssh-keygen will ask you for a passphrase when you generate
> > your keys. You may enter nothing, which is very convenient
> > but very insecure. A good passphrase must have good
> > "entropy", which is crypto-speak for "lotsa letters". "Thanks
> > to Microsoft, I am now blind in both eyes" might be a
> > half-decent passphrase.
> >
> > Cheers,
> >
> > -- Joe
> >
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info. Problems should
> > be sent to listmaster at ale dot org.
> 
> --
> Wishing you Happiness, Joy and Laughter,
> Drew Brown
> http://www.ChangingLINKS.com

-- 
   "Thanks to Microsoft, I am now blind in both eyes. They have
    rolled back in my head so many times this week that they
    are apparently stuck there now."
      - Jonathan Rickman, regarding M$ anti-open-source PR.
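
The checks discussed in this thread, as an added example that is not part of the original messages: a shell function that inspects a key directory for the failures seen in the quoted session (key file missing, empty file created with touch, permissions open to group or others, public key not present in authorized_keys). The function name check_ssh_identity is hypothetical; the file names identity, identity.pub and authorized_keys follow the thread.

```shell
#!/bin/sh
# Added example: diagnose the key-file problems seen in this thread.
# check_ssh_identity is a hypothetical helper name, not an OpenSSH tool.
# Usage: check_ssh_identity CLIENT_SSH_DIR [SERVER_AUTHORIZED_KEYS]
# Prints one finding per line; returns 0 only when nothing is wrong.
check_ssh_identity() {
    dir=$1 auth=${2:-} rc=0
    key=$dir/identity pub=$dir/identity.pub

    if [ ! -e "$key" ]; then
        echo "MISSING: $key (run ssh-keygen once to create it)"
        return 1
    fi
    # An empty file made with touch is not a key.
    if [ ! -s "$key" ]; then
        echo "EMPTY: $key was not generated by ssh-keygen"
        rc=1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits;
    # any bit set there triggers "UNPROTECTED PRIVATE KEY FILE".
    mode=$(ls -ld "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "TOO-OPEN: $key (fix with: chmod 400 $key)"
        rc=1
    fi
    if [ ! -s "$pub" ]; then
        echo "NO-PUBKEY: $pub missing or empty"
        rc=1
    elif [ -n "$auth" ] &&
         ! grep -qxF -- "$(head -n 1 "$pub")" "$auth" 2>/dev/null; then
        # The server side must hold the exact public key line.
        echo "NOT-AUTHORIZED: $pub is not a line in $auth"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $key"
    return "$rc"
}

# Run directly as: sh thisfile ~/.ssh [path/to/authorized_keys]
if [ "$#" -gt 0 ]; then check_ssh_identity "$@"; fi
```
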