Linux Users' Group of Davis
Page last updated:
2006 Jan 06 12:57

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] [OT] Pumping a password using Expect

On Fri, Jan 06, 2006 at 12:17:22PM -0800, Karsten M. Self wrote:
> What learning curve?
>     # Test to see if you've got a key, if not, create one.
>     test -f ~/.ssh/id_dsa.pub || ssh-keygen -t dsa -N "passphrase"
>     # Copy key to remote host
>     cat ~/.ssh/id_dsa.pub | ssh user@remotehost 'mkdir .ssh; \
>         touch .ssh/authorized_keys; chmod 600 .ssh/authorized_keys; \
>         cat >> .ssh/authorized_keys'
>     # Test to see if ssh-agent is running, if not, start it.
>     test "$SSH_AGENT_PID"x != x && ps $SSH_AGENT_PID ||
>         eval "$(ssh-agent)"
>     # enter passphrase
>     ssh-add  
> ... You've now got the ability to do stuff like:
>    ssh user@remotehost 'command [; command ...]'
> ... without having to enter a passphrase each time.
> You can use passwordless keys in a reasonably secure environment, or
> forced-execution keys to run only a single command.
> ssh-agent allows you to enter a passphrase once, then, using the agent,
> authenticate without having to enter passphrases each time.  If you're
> running any modern GNU/Linux under an X session, it's likely already
> running and you just need to ensure you've got a key (ssh-keygen) and
> 'add-key' to activate it.
> Using ssh-agent from shell-only or scheduled (cron, at, batch) jobs is
> slightly more complicated, but doable.

On the topic of ssh keys, does anyone know if it's possible to create a
key that is restricted to use for scp and can't be used to execute any
commands?  I know you can get the same effect by creating a restricted
key that only allows the appropriate 'cat' command and then doing
something like:

    cat localfile | ssh remotehost 'sh -c "cat > remotefile"'

but that's a bit messy.



* Matt Roper <matt@mattrope.com>                *
* http://www.mattrope.com                       *
* PGP Key: http://www.mattrope.com/mattrope.asc *
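
Added example (not part of the original post or of the quoted reply): one way to get an scp-only key with the forced-command mechanism mentioned above is to point the key's `command=` option at a small gate script that checks `SSH_ORIGINAL_COMMAND` and runs it only when it is the server side of an scp transfer. The script path, `ALLOWED_DIR` and the key in the comment are placeholders, and the script assumes the legacy scp protocol, where the client asks the server to run `scp -t PATH` or `scp -f PATH`.

```shell
#!/bin/sh
# Added example: gate script for an scp-only key (legacy scp protocol).
# Constructed authorized_keys entry (one line; path and key are placeholders):
#   command="/usr/local/bin/scp-gate",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAA...PLACEHOLDER... copy-key
LC_ALL=C; export LC_ALL
# Assumption: transfers are confined to this directory.
ALLOWED_DIR=${ALLOWED_DIR:-/srv/incoming}

# scp_gate_check CMD
# Returns 0 only when CMD is the server side of an scp transfer
# ("scp [-r|-p|-d|-v] -t PATH" to receive, "-f PATH" to send) under ALLOWED_DIR.
scp_gate_check() {
    cmd=$1
    case $cmd in
        '') return 1 ;;                         # empty request
        *[!A-Za-z0-9\ ./_-]*) return 1 ;;       # shell metacharacters, quotes, globs
        *..*) return 1 ;;                       # parent-directory traversal
    esac
    set -f                  # split into words without filename expansion
    set -- $cmd
    set +f
    [ "$1" = scp ] || return 1
    shift
    mode=
    while [ "$#" -gt 1 ]; do
        case $1 in
            -t|-f) mode=$1 ;;                   # receive / send
            -r|-p|-d|-v) ;;                     # flags the scp client may add
            *) return 1 ;;                      # any other option or extra path
        esac
        shift
    done
    [ -n "$mode" ] || return 1
    case ${1-} in
        "$ALLOWED_DIR"/?*) return 0 ;;
    esac
    return 1
}

# Entry point when sshd runs this file as the key's forced command.
# With no requested command (plain "ssh host") it simply exits.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    scp_gate_check "$SSH_ORIGINAL_COMMAND" || { echo "scp only" >&2; exit 1; }
    set -f
    exec $SSH_ORIGINAL_COMMAND
fi
```

The check is purely textual, so it does not resolve symlinks that already exist inside the allowed directory.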