[ale] automating an ssh script?

ChangingLINKS.com x3 at ChangingLINKS.com
Fri Jul 26 17:17:38 EDT 2002


Please see attached file.
-- 
Wishing you Happiness, Joy and Laughter,
Drew Brown
http://www.ChangingLINKS.com




On Friday 26 July 2002 08:59, you wrote:
> On Thu, 2002-07-25 at 19:11, ChangingLINKS.com wrote:
> > Okay, it looks like I made _some_ major progress, but I still cannot do
> > anything without giving a passphrase.
> > Thanks to Michael Hirsh (and others) for giving me some directions that I
> > could use to get some results. Here are the commands that I ran. Can
> > someone edit these so that I know what I did wrong?
> >
> > rm -rf ~/.ssh   //to start .ssh from scratch
> > ssh-keygen -t rsa1  //to generate type1 public and private keys
> > cp ~/.ssh/identity ~/.ssh/authorized_keys  //to create a file for the
> > remote machine
>
> Don't do this.  That is your secret key and should not be published.
>
> > cp ~/.ssh/identity.pub ~/.ssh/authorized_keys2  //ditto
>
> That should be cp ~/.ssh/identity.pub ~/.ssh/authorized_keys.  The
> authorized_keys2 file is for type 2 keys and you explicitly made a type
> 1 key.
>
> > ftp ~/.ssh/authorized_keys AND  ~/.ssh/authorized_keys2 to remote
> > machine's ~/.ssh //upload files
> > ssh user@shell1.host.com //test .ssh to see if it works
> > exit  //thinking I should exit to run next command locally
> > eval `ssh-agent`
> > ssh-add ~/.ssh/identity
> > ssh user@shell1.host.com //testing to see if I connect passphraseLESS
> > eval `ssh-agent` //failed to connect without passphrase, decided to run
> > eval on remote machine
> >
> > FAILED TO CONNECT WITHOUT USING A PASSPHRASE.
> >
> > I do not own the remote box. How can I "Ensure that RSA authentication is
> > enabled for both the server ("RSAAuthentication yes" in sshd_config on
> > the server"? Tried downloading the file from my server - permission
> > denied. Ftp client crashed second time.
>
> When in doubt, run 'ssh -v remotehost' and, if necessary, include that
> information in your post.
>
> In this case you put the wrong key in the authorized_keys* files.
> Fixing that might solve the problem.  If not, then try generating a type
> 2 key as well, since that is the default nowadays.  If that fails, send
> us the output of 'ssh -v remotehost' for us to look at.
>
> --Michael
>
> > On Wednesday 24 July 2002 22:44, ChangingLINKS.com wrote:
> > > Yo yo yo! <- New York Santa Claus
> > >
> > > I am trying to automate the script below. I want to click on a menu
> > > item on my desktop and have all of these commands get executed
> > > sequentially. Currently, I paste them in the terminal one by one and I
> > > have to enter a password three times (where "PASSWORD" is below).
> > > Anyone know how to automate this deal with the PASSWORDS entered? If it
> > > is to be one script, I may have to exit (as shown below) to do the scp.
> > > Anyone?
> > >
> > >
> > > BACKING UP WEB SITE WITH MYSQL DATABASE
> > >
> > > ssh user@host.com
> > > PASSWORD
> > > mysqldump -h db1.host.com -u user -ppassword user>/home/user/dbbackup.txt
> > > tar cfvz /home/user/backup.tgz /home/user --exclude backup.tgz
> > > exit
> > > scp user@host.com:/home/user/backup.tgz /data/save/code
> > > PASSWORD
> > > ssh user@host.com
> > > PASSWORD
> > > rm /home/user/dbbackup.txt
> > > rm /home/user/backup.tgz
> >
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info. Problems should
> > be sent to listmaster at ale dot org.
>



Getting closer to connecting without a passphrase - thanks, Michael Hirsh. I still failed, though. However, here is the output that you requested, along with the commands that I tried to run to get this process to work. Now when I ssh in, it prompts me "Enter passphrase for key '/home/user/.ssh/id_dsa':"

[user@change user]$ ssh -v useronserver@shell1.host.com
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 500 geteuid 0 anon 1
debug1: Connecting to shell1.host.com [209.211.232.3] port 22.
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: temporarily_use_uid: 500/500 (e=0)
debug1: restore_uid
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /home/user/.ssh/identity type 0
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.1p1
debug1: match: OpenSSH_3.1p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 145/256
debug1: bits set: 1564/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'shell1.host.com' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: bits set: 1594/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: /home/user/.ssh/id_rsa
debug1: try pubkey: /home/user/.ssh/id_dsa
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 0x8086d48 hint 2
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/user/.ssh/id_dsa': 


COMMANDS THAT I USED TO TRY TO GET SSH TO WORK WITHOUT A PASSPHRASE
rm -rf ~/.ssh   //to start .ssh from scratch
ssh-keygen -t rsa1  //to generate type1 public and private keys
cp ~/.ssh/identity.pub ~/.ssh/authorized_keys  //to make type 1 file to upload to server
cp ~/.ssh/id_dsa.pub ~/.ssh/authorized_keys2   //to make type 2 key file to upload to server
ftp ~/.ssh/authorized_keys AND  ~/.ssh/authorized_keys2 to remote machine's ~/.ssh //upload files
ssh user@shell1.host.com //test .ssh to see if it works
eval `ssh-agent`  //do a ssh-agent on server?
exit  //thinking I should exit to run next command locally
eval `ssh-agent` //run ssh-agent locally
ssh-add ~/.ssh/identity
ssh user@shell1.host.com //testing to see if I connect passphraseLESS
eval `ssh-agent` //failed to connect without passphrase, decided to run eval on remote machine

FAILED TO CONNECT WITHOUT USING A PASSPHRASE.


GENERATING TYPE 1 KEY
[user@change user]$ ssh-keygen -t rsa1
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/user/.ssh/identity): /home/user/.ssh/identity
Created directory '/home/user/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/identity.
Your public key has been saved in /home/user/.ssh/identity.pub.
The key fingerprint is:
b0:15:bd:79:c4:bd:3e:99:1b:d5:87:1e:56:62:c4:6c user@change

GENERATING TYPE 2 KEY
[user@change user]$ ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_dsa): /home/user/.ssh/id_dsa
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Passphrases do not match.  Try again.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_dsa.
Your public key has been saved in /home/user/.ssh/id_dsa.pub.
The key fingerprint is:
74:7b:e9:ce:8e:7a:6e:3d:c9:60:bf:d1:a8:a9:9f:cb user@change
[user@change user]$ 

SSH'ING TO SERVER FOR FIRST TIME
[user@change user]$ ssh rk4com@shell1.host.com
The authenticity of host 'shell1.host.com (209.211.232.3)' can't be established.
RSA key fingerprint is 8f:fc:f4:70:9d:ec:7d:0e:bb:e3:8f:1f:c9:c9:55:92.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'shell1.host.com,209.211.232.3' (RSA) to the list of known hosts.
Enter passphrase for key '/home/user/.ssh/id_dsa': 
Last login: Fri Jul 26 13:58:54 2002 from adsl-33-146-210.asm.bellsouth.net
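
Added example, not part of the original message: the `ssh -v` transcript above shows the server accepting the DSA public key (`input_userauth_pk_ok`) and the client then failing to read the private key without a passphrase, while the listed commands only `ssh-add` the protocol 1 key `~/.ssh/identity`. The sketch below classifies that stage of a debug log; the function names, verdict strings and the second sample are constructed, and the patterns assume the OpenSSH_3.1p1 wording shown above.

```shell
#!/bin/sh
# Added example (not from the thread): classify the publickey stage of `ssh -v`
# output. Patterns follow the OpenSSH_3.1p1 debug lines in the message above;
# other versions word these lines differently (assumption).

diagnose_ssh_debug() {
    # stdin: `ssh -v` text; stdout: "<verdict>[ <key file>]"
    awk '
        /input_userauth_pk_ok/                { accepted = 1 }    # server accepted the offered public key
        /PEM_read_PrivateKey failed/          { unreadable = 1 }  # private key not readable with empty passphrase
        /^Enter passphrase for key/           { split($0, q, "\047"); keyfile = q[2] }
        /next auth method to try is password/ { fellback = 1 }    # publickey attempts exhausted
        END {
            if (accepted && (unreadable || keyfile != ""))
                print "key-accepted-but-locked" (keyfile != "" ? " " keyfile : "")
            else if (accepted) print "key-accepted"
            else if (fellback) print "key-rejected-by-server"
            else               print "inconclusive"
        }'
}

# Sample 1: the authentication lines from the transcript in the message above.
sample_locked() {
cat <<'EOF'
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: /home/user/.ssh/id_rsa
debug1: try pubkey: /home/user/.ssh/id_dsa
debug1: input_userauth_pk_ok: pkalg ssh-dss blen 434 lastkey 0x8086d48 hint 2
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/home/user/.ssh/id_dsa': 
EOF
}

# Sample 2: constructed log for a server that has no matching authorized key.
sample_rejected() {
cat <<'EOF'
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try pubkey: /home/user/.ssh/id_dsa
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is password
EOF
}

sample_locked   | diagnose_ssh_debug
sample_rejected | diagnose_ssh_debug
```

A `key-accepted-but-locked` verdict means the server side is already set up correctly, and it names the private key file that has to be loaded into the agent with `ssh-add` before an unattended run.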

