script to ssh across to another server, help pls...

[h3nd]

Hi guys,

I need to create a script to check the diskspace in another server and I have to put that script in crontab.

So, the question is how do I store the password in my script.

Here's part of my script and I'm from ypprod01.

ssh ypprod05 [and input password]

df -h /home
number=`df -h /home | tail -1 | sed 's/G//3' | awk '{print $4}'`
echo $number

Thanks guys

 

[feherke]

Hi

how do I store the password in my script

No way. The closest to what you want is [tt]expect[/tt].

But fortunately [tt]ssh[/tt] in not tied to password based authentication, it is able to use bey based authentication too. Search this forum's archive for "public key" for the proper solution.

Feherke.

http://rootshell.be/~feherke/

 

[h3nd]

But feherke,

I used someone logon, but when I ssh to another server. They don't required to enter password and I got through in.

But using my logon I have to enter the password.

Have any idea how do they do that? or how did they store it ?

 

[rzs0502]

If you haven't already done so, create your keys:

ssh-keygen -t rsa [and leave passphrase blank]

copy your ~/.ssh/id_rsa.pub to the server you want to access.

append the contents of your id_rsa.pub to the authorized_keys file of the user you want to access with a password.
eg. cat id_rsa.pub >> /home/oracle/.ssh/authorized_keys

Then you can ssh user@host without the password


"If you always do what you've always done, you will always be where you've always been."

 

[h3nd]

Sorry rzs0502,

I dont understand your command :
ssh-keygen -t rsa [and leave passphrase blank]

I've tried :
ssh [servername] -t rsa

and they asked for password, I put the correct password in. And it said it closed
$ ssh ypprod05 -t rsa
t003947@ypprod05's password:
bash: line 1: rsa: command not found
Connection to ypprod05 closed.

And I couldn't find my "id_rsa.pub" file. How do I generate this file.
Could you explain more detail pls.

Thanks man

 

[mrn]

The main problem with putting a password in a script is that it's a security risk ps will show the passwd; one that most admins wouldn't want.

What the guys above are suggesting is also a security risk.

Why not just edit the crontab on the remote server and run your script every hour you could amend it to mail you if disk space is over say 90% (I've got a script if you need it)

Or if you got apache installed I've a script that outputs df in html format.

Or install webmin.

Mike

"When we ask for advice, we are usually looking for an accomplice."

 

[h3nd]

Hi mrn,

the problem is in the remote server, the mail function is not working. So that's why I need it to run from the local server and mail to the certain group.

I saw in other logon the "authorized_keys2", I couldn't find the password either because it's been encrypted.
And I think that's quite secure.

Why do u think not secure mrn?

 

[rzs0502]

ssh-keygen -t rsa creates a id_rsa.pub in your $HOME/.ssh directory.
Just ssh user@host (without the -t option)



"If you always do what you've always done, you will always be where you've always been."

 

[h3nd]

Hi rzs0502,

when I typed :
ssh user@host

and typed the password

it didnt create id_rsa.pub, it just created known_hosts in $HOME/.ssh

please provide with more information

Thx

 

[mrn]

Make the mail work - It's not hard....

Mike

"Whenever I dwell for any length of time on my own shortcomings, they gradually begin to seem mild, harmless, rather engaging little things, not at all like the staring defects in other people's characters."

 

[h3nd]

It's hard man, I have to deal with third party company which is IBM to set it up and many hassles and paper works and authorization.

Anyway, I've found the way about ssh passwordless :
the command is :
ssh-keygen -f id_rsa -t rsa

That's the thing..

Sigh...

Thanks guys anyway.

 

[PHV]

In fact, from the beginning, the correct answer was:
man ssh-keygen