Linux Users' Group of Davis (LUGOD)
 
Page last updated:
2006 Jan 06 12:57

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] [OT] Pumping a password using Expect



On Fri, Jan 06, 2006 at 12:17:22PM -0800, Karsten M. Self wrote:
> 
> What learning curve?
> 
>     # Test to see if you've got a key, if not, create one.
>     test -f ~/.ssh/id_dsa.pub || ssh-keygen -t dsa -N "passphrase"
> 
>     # Copy key to remote host
>     ssh user@remotehost 'mkdir -p .ssh; \
>         touch .ssh/authorized_keys; chmod 600 .ssh/authorized_keys; \
>         cat >> .ssh/authorized_keys' < ~/.ssh/id_dsa.pub
> 
>     # Test to see if ssh-agent is running, if not, start it.
>     test -n "$SSH_AGENT_PID" && ps "$SSH_AGENT_PID" ||
>         eval "$(ssh-agent)"
> 
>     # enter passphrase
>     ssh-add  
> 
> ... You've now got the ability to do stuff like:
> 
>    ssh user@remotehost 'command [; command ...]' 
> 
> ... without having to enter a passphrase each time.
> 
> You can use passwordless keys in a reasonably secure environment, or
> forced-execution keys to run only a single command.
> 
> ssh-agent allows you to enter a passphrase once, then, using the agent,
> authenticate without having to enter passphrases each time.  If you're
> running any modern GNU/Linux under an X session, it's likely already
> running and you just need to ensure you've got a key (ssh-keygen) and
> 'add-key' to activate it.
> 
> Using ssh-agent from shell-only or scheduled (cron, at, batch) jobs is
> slightly more complicated, but doable.
> 

On the topic of ssh keys, does anyone know if it's possible to create a
key that is restricted to use for scp and can't be used to execute any
commands?  I know you can get the same effect by creating a restricted
key that only allows the appropriate 'cat' command and then doing
something like:

    cat localfile | ssh remotehost 'sh -c "cat > remotefile"'

but that's a bit messy.


Matt

-- 

*************************************************
* Matt Roper <matt@mattrope.com>                *
* http://www.mattrope.com                       *
* PGP Key: http://www.mattrope.com/mattrope.asc *
*************************************************
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
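
Added example, not part of the original thread or either poster's code: one way to build the forced-execution, scp-only key discussed above is a wrapper script named in the key's `command=` option that checks `SSH_ORIGINAL_COMMAND` before running anything. The script name, `/srv/upload` and the upload-only policy are assumptions.

```shell
#!/bin/sh
# scp-only.sh: forced-command wrapper. Added example; the script name and
# UPLOAD_DIR are assumptions, not anything from the thread.
#
# On the server, prefix the key's line in ~/.ssh/authorized_keys with:
#   command="/usr/local/bin/scp-only.sh",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding
# sshd then runs this script for every login with that key and passes the
# client's actual request in SSH_ORIGINAL_COMMAND.

UPLOAD_DIR=/srv/upload   # hypothetical: the only directory this key may write to

# Return 0 only for "scp -t $UPLOAD_DIR/<plain filename>", which is what a
# legacy-protocol scp client requests when uploading one file.
# On success the validated filename is left in $name.
scp_request_allowed() {
    case "$1" in
        "scp -t $UPLOAD_DIR/"*) name=${1#"scp -t $UPLOAD_DIR/"} ;;
        *) return 1 ;;                   # not an upload into UPLOAD_DIR
    esac
    case "$name" in
        ""|.|..|-*|*/*) return 1 ;;      # empty, dot dirs, option-like, any path separator
        *[!A-Za-z0-9._-]*) return 1 ;;   # allow-list: no spaces, quotes, ';', '|', '$', ...
    esac
    return 0
}

# sshd sets SSH_ORIGINAL_COMMAND only when the client asked for a command;
# a plain interactive login falls through and gets no shell at all.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if scp_request_allowed "$SSH_ORIGINAL_COMMAND"; then
        exec scp -t "$UPLOAD_DIR/$name"
    fi
    echo "scp-only key: request rejected" >&2
    exit 1
fi
```

A client running OpenSSH 9.0 or later needs `scp -O` to use the legacy protocol this wrapper checks; by default it requests the SFTP subsystem, which the wrapper rejects.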


