How to store the password for ssh in ksh? Help...

h3nd

Hi guys,

my script has to run across the server to modify the file...

So I have to ssh across and input the password; for some reason the ssh-keygen didn't work. I'm not sure why...

So, is there any way to put the password in my script when I ssh across?

Thx guys
 
You may consider expect

Hope This Helps, PH.
 
Why not figure out why your keys don't work? There is a lot of documentation describing how to do it, I think even a few FAQs on this site.

Annihilannic.
 
Thx Anni,

But I didn't know why my keys didn't work,

I've already created the id_rsa.pub from my logon to destination server and "second" logon.

After that I copied it across and renamed it to "authorized_keys".

which I did "exactly" the same as my logon to my logon in different server and that works.

I have checked in my "second" logon in directory .ssh and there is nothing in there except "authorized_keys" and "known_host". Everything seems OK, so I'm a little bit frustrated, and then I decided to put the password in my script.

Could you give me some clue or idea why it does not work? Or is there any other area that I should check?

I suspected this happened after IBM changed the permissions on all the directories for that logon. But I don't think it has something to do with that.
 
Did you check your sshd_config file and see if it allows keys to be used?
 
Make sure to have those two lines uncommented in ssh_config:

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys


Also verify you're trying to connect using ssh v2
 
The best way to find out why it isn't working is to run sshd in debug mode on the remote server on an unusual port, e.g. sshd -d -p 1234, and then look at the messages displayed when you try to connect to it from the other system using ssh -p 1234 date, for example.

Annihilannic.
 
Hi Anni,

when I type this on remote server :
sshd -d -p 1234 it replied
sshd : command not found

and in other system
ssh -p 1234 [remote servername]

It hung. Any more ideas?

Thx
 
sshd might not be in your path. You might want to look under /usr/local/sbin or something. You could also look into running the startup script stop and start command.
 
Sorry, as coffeysm says, you need to specify the full path, e.g.

/usr/sbin/sshd -d -p1234

Annihilannic.
 
alrite,

here's my ssh_config
Code:
#       $OpenBSD: ssh_config,v 1.16 2002/07/03 14:21:05 markus Exp $

# This is the ssh client system-wide configuration file.  See
# ssh_config(5) for more information.  This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.

# Configuration data is parsed as follows:
#  1. command line options
#  2. user-specific file
#  3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.

# Site-wide defaults for various options

# Host *
#   ForwardAgent no
#   ForwardX11 no
#   RhostsAuthentication no
#   RhostsRSAAuthentication no
#   RSAAuthentication yes
#   PasswordAuthentication yes
#   HostbasedAuthentication no
#   BatchMode no
#   CheckHostIP yes
#   StrictHostKeyChecking ask
#   IdentityFile ~/.ssh/identity
#   IdentityFile ~/.ssh/id_rsa
#   IdentityFile ~/.ssh/id_dsa
#   Port 22
#   Protocol 2,1
#   Cipher 3des
#   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
#   EscapeChar ~
Host *
        ForwardX11 yes

and here's my partition :
/dev/vgsys0/lvhome 24G 5.5G 18G 25% /home
/srv/gpfs01/opt/sw/algo
27G 21G 6.1G 78% /opt/sw/algo

In these 2 partitions my ssh keys are working.

But in this partition:
/srv/gpfs02/riskdata/prod
252G 84G 169G 33% /riskdata/prod

Why is it not working? Can anyone help me pls?
 
It may have something to do with the permissions on the directories containing your SSH keys, but if you run the debugging test like described above it will tell you for sure.

Annihilannic.
 
You need to also check the sshd_config file. That tells the SSH daemon what methods are allowed to authenticate and what not.
 
sigh,

Anni,
They would allow me to do this:
[mars_ftp@ypprod01 t003947]$ /usr/sbin/sshd -d -p1234
/etc/ssh/sshd_config: Permission denied

coffeysm,
the sshd_config file is only for root,
-rw------- 1 root root 2476 Feb 24 2006 sshd_config
I don't have the right to view this.

 
You can not run the sshd command as yourself because you can not read the sshd_config file and it binds to port 22 usually which can only be done by the root user. That file though will have settings in there and if it does not allow you to use host keys then that would explain why it does not work for you.
 
Does sshd_config tell us which users are allowed to use keys and which are not?

Because my logon and my functional logon keys work...
even though they are not allowed to use sshd either...

I still don't understand.
 
Why don't you ask your system admin for help?

Can you post the output of ls -ld ~/.ssh ~/.ssh/* on both systems please?

Annihilannic.
 
Unfortunately it's going to involve a third company, which is IBM, because we outsource our infrastructure to IBM.

here's in the remote server
Code:
drwx-w----    2 mars_ftp mars_ftp     8192 Sep 27 15:25 /riskdata/prod/mars_ftp/.ssh
-rw-r--r--    1 mars_ftp mars_ftp      249 Sep 27 15:23 /riskdata/prod/mars_ftp/.ssh/authorized_keys
-rw-rw-r--    1 mars_ftp mars_ftp      458 Sep 29 09:07 /riskdata/prod/mars_ftp/.ssh/known_hosts

here's in the source server
Code:
drwx-w----    2 mars_ftp mars_ftp     8192 Sep 28 21:53 /riskdata/prod/mars_ftp/.ssh
-rw-------    1 mars_ftp mars_ftp      883 Sep  6 18:53 /riskdata/prod/mars_ftp/.ssh/id_rsa
-rw-r--r--    1 mars_ftp mars_ftp      250 Sep  6 18:53 /riskdata/prod/mars_ftp/.ssh/id_rsa.pub
-rw-rw-r--    1 mars_ftp mars_ftp      920 Sep 21 15:33 /riskdata/prod/mars_ftp/.ssh/known_hosts

and the "id_rsa.pub" in source server and "authorized_keys" in destination server are exactly the same.


Thx Anni
 
Try removing the group write permission from the .ssh directories at both ends.

h3nd said:
and the "id_rsa.pub" in source server and "authorized_keys" in destination server are exactly the same.

Not quite, there's one byte difference in file size, might be worth double-checking.

Annihilannic.
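
An added example, not part of any post in this thread: when StrictModes is on (the OpenSSH default), sshd ignores authorized_keys if the home directory, ~/.ssh or the file itself is writable by group or others, which is what the drwx-w---- (720) mode in the listings above amounts to. The sketch below audits those paths and checks that the public key blob survived the copy intact; the function names, directory layout and sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: permission and key checks modeled on sshd's StrictModes.
# (sshd also checks ownership; this sketch covers the write bits only.)

# Print the octal permission bits of a path (GNU stat, then BSD stat).
perm_bits() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed (0) if the path is writable by group or others.
writable_by_others() {
    mode=$(perm_bits "$1") || return 2
    [ $(( 0$mode & 022 )) -ne 0 ]
}

# Print each path in the authorized_keys chain that is too permissive.
# $1 = home directory (assumed layout: $1/.ssh/authorized_keys)
audit_ssh_dir() {
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        [ -e "$p" ] || { echo "MISSING $p"; continue; }
        if writable_by_others "$p"; then
            echo "TOO_OPEN $(perm_bits "$p") $p"
        fi
    done
}

# Succeed if the base64 key blob from a .pub file appears intact in an
# authorized_keys file (catches truncated or line-wrapped copies).
key_present() {
    blob=$(awk 'NF >= 2 { print $2; exit }' "$1")
    [ -n "$blob" ] && grep -qF -- "$blob" "$2"
}

# Demo on a constructed tree that reproduces the 720 mode from the listing.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/.ssh"
    echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDSAMPLEKEY user@source' > "$d/id_rsa.pub"
    cp "$d/id_rsa.pub" "$d/.ssh/authorized_keys"
    chmod 644 "$d/.ssh/authorized_keys"; chmod 720 "$d/.ssh"
    echo "before:"; audit_ssh_dir "$d"
    chmod 700 "$d/.ssh"          # the fix suggested in the post above
    echo "after:";  audit_ssh_dir "$d"
    key_present "$d/id_rsa.pub" "$d/.ssh/authorized_keys" && echo "key blob matches"
    rm -rf "$d"
}
demo
```

On a real account, run `audit_ssh_dir "$HOME"` on the destination server; an empty result means none of the three paths is group- or world-writable.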
 
It does not say which user can and can not use key logins. It does say what are the valid methods of authentication. passwords, keys, etc... They might have disabled it....some people think it is a security issue. See if you can read the sshd_config on the server you said you had where it was working.
 