Scripting ssh

iPirate
25th October 2007, 10:14 AM
Hi all

I'm trying to set up a script or Automator Workflow or whatever that can connect to an SSH login I have without me having to type the password each time.

My current system is to use a terminal document that when opened runs in terminal "ssh -L xxx:uni's cache:xxxx username@server" but this will either return a line saying the server could not be located, or it says "username@server's password: ".

I would like to make something that when asked for the password, it will enter it and minimise the window, but when it gets something else, it will return an error message and close the terminal window.

Any ideas how I can do such a thing?

Currawong
25th October 2007, 10:32 AM
Easy way would be to generate a key pair on your computer without a password (for the key) then copy the public key over to the remote machine. I use this for some backups which are done over ssh.

Linux_insidev2
25th October 2007, 10:33 AM
Easy way would be to generate a key pair on your computer without a password (for the key) then copy the public key over to the remote machine. I use this for some backups which are done over ssh.

beaten! :P

Key pairs are the best way to go, I use them myself for the ssh client on my iphone so I don't need to enter the password for my server every time I log in :D

iPirate
25th October 2007, 10:38 AM
Easy way would be to generate a key pair on your computer without a password (for the key) then copy the public key over to the remote machine. I use this for some backups which are done over ssh.

Tried that and it didn't work... but maybe I did it wrongly. Will try again in case my methodology was cracked.

dotnet
25th October 2007, 11:22 AM
Tried that and it didn't work... but maybe I did it wrongly. Will try again in case my methodology was cracked.

SSH is very picky about permissions of the files involved. In particular, ~/.ssh/authorized_keys should have mode 0600. If that file is accessible by others then sshd will ignore it. Make ~/.ssh mode 0700 as well.

Cheers
Steffen.

iPirate
25th October 2007, 02:16 PM
And what do I do exactly on my end...? Where do I put the sshkey file and sshkey.pub on my Mac?

dotnet
25th October 2007, 04:59 PM
And what do I do exactly on my end...? Where do I put the sshkey file and sshkey.pub on my Mac?

If you run ssh-keygen on your Mac it'll put the id_dsa and id_dsa.pub files in the correct default location (~/.ssh). You can configure a different location in /etc/ssh_config, but why would you?

Cheers
Steffen.

Currawong
25th October 2007, 06:53 PM
It's a bit of a spin to get your head around the first time:

ssh-keygen generates two files, id_dsa (a private key) and id_dsa.pub (the public key). When you generate the files, you can specify a password for the private key or not.

The public key you can copy the data from and put it on a remote machine inside the ~/.ssh/authorized_keys file. When you ssh to the remote machine, instead of requiring a password, some funky mathematics is used by the systems to demonstrate that you do indeed have the correct private key on your machine that matches the public key on the remote machine, without the actual private key being sent. If you haven't set a password on the private key, then you'll be logged into the remote machine without having to do more than the actual ssh command, making it great for scripts.

iPirate
25th October 2007, 08:00 PM
Damnit. Why won't it work. I have the keys in my ~/.ssh folder, and I have the public key's contents in ~/.ssh/authorized_keys in the remote folder... but it still asks for my password. I don't think I'm doing anything wrong here. :(

dotnet
25th October 2007, 10:18 PM
Damnit. Why won't it work. I have the keys in my ~/.ssh folder, and I have the public key's contents in ~/.ssh/authorized_keys in the remote folder... but it still asks for my password. I don't think I'm doing anything wrong here. :(

Watch for unintended line breaks in authorized_keys, it's one line per key.

Also, use ssh -v <remotehost> (or -vv) to see what's going on.

Cheers
Steffen.
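
A local check for the two failure modes dotnet describes in this thread (file permissions and a key wrapped across lines), as an added example that is not part of any poster's message. The function names and the dummy all-zero key are constructed for illustration, and the mode test follows the thread's 0700/0600 advice rather than sshd's exact rule.

```python
import base64, os, stat, struct, tempfile

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def blob_ok(key_type, b64):
    """True if b64 decodes to length-prefixed fields that end exactly at the end."""
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:  # bad padding or characters: the key was cut short
        return False
    fields, pos = [], 0
    while pos + 4 <= len(raw):
        (n,) = struct.unpack(">I", raw[pos:pos + 4])
        fields.append(raw[pos + 4:pos + 4 + n])
        pos += 4 + n
    return pos == len(raw) and len(fields) >= 2 and fields[0] == key_type.encode()

def audit(ssh_dir):
    """Findings for ssh_dir and its authorized_keys (hypothetical helper)."""
    findings = []
    path = os.path.join(ssh_dir, "authorized_keys")
    # Assumption: flag any bit beyond the 0700 / 0600 advised in the thread.
    for target, want in ((ssh_dir, 0o700), (path, 0o600)):
        mode = stat.S_IMODE(os.stat(target).st_mode)
        if mode & ~want:
            findings.append(f"{target}: mode {mode:04o}, expected {want:04o}")
    with open(path) as fh:
        for num, line in enumerate(fh, 1):
            tokens = line.split()
            if not tokens or tokens[0].startswith("#"):
                continue
            # Options may precede the key type, so search for it.
            idx = next((i for i, t in enumerate(tokens) if t.startswith(KEY_TYPES)), None)
            if idx is None or idx + 1 >= len(tokens):
                findings.append(f"line {num}: no key type and blob (wrapped line?)")
            elif not blob_ok(tokens[idx], tokens[idx + 1]):
                findings.append(f"line {num}: key blob incomplete or corrupt")
    return findings

def demo():
    """Constructed sample: a dummy all-zero key pasted with a line break in it."""
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (b"ssh-ed25519", bytes(32)))
    b64 = base64.b64encode(blob).decode()
    ssh_dir = tempfile.mkdtemp()
    path = os.path.join(ssh_dir, "authorized_keys")
    with open(path, "w") as fh:
        fh.write(f"ssh-ed25519 {b64[:30]}\n{b64[30:]} me@mac\n")
    os.chmod(ssh_dir, 0o755)
    os.chmod(path, 0o644)
    return audit(ssh_dir)
```

Calling `audit(os.path.expanduser("~/.ssh"))` on the remote account runs the same checks against the real files; `demo()` returns four findings for the constructed broken case.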

dotnet
25th October 2007, 10:19 PM
Oh, and is the remote user (the one who owns authorized_keys) the same username as your local one?

What does the password prompt look like, exactly?

Cheers
Steffen.

iPirate
26th October 2007, 10:43 AM
Also, use ssh -v <remotehost> (or -vv) to see what's going on.

Thanks. That fixed it... it was the id_rsa name that did it. Terminal asked what I should save them as... I didn't think it would matter as long as the public and private keys were named the same way.

*feels a little stupid*

But thanks. Now I can get ssh working properly. Thanks a bunch :D