[vox-tech] [OT] Pumping a password using Expect
Matt Roper
matt at mattrope.com
Fri Jan 6 12:35:24 PST 2006
On Fri, Jan 06, 2006 at 12:17:22PM -0800, Karsten M. Self wrote:
>
> What learning curve?
>
> # Test to see if you've got a key, if not, create one.
> test -f ~/.ssh/id_dsa.pub || ssh-keygen -t dsa -N "passphrase"
>
> # Copy key to remote host
> cat ~/.ssh/id_dsa.pub | ssh user@remotehost 'mkdir .ssh; \
> touch .ssh/authorized_keys; chmod 600 .ssh/authorized_keys; \
> cat >> .ssh/authorized_keys'
>
> # Test to see if ssh-agent is running, if not, start it.
> test -n "$SSH_AGENT_PID" && ps "$SSH_AGENT_PID" ||
> eval "$(ssh-agent)"
>
> # enter passphrase
> ssh-add
>
> ... You've now got the ability to do stuff like:
>
> ssh user@remotehost 'command [; command ...]'
>
> ... without having to enter a passphrase each time.
>
> You can use passwordless keys in a reasonably secure environment, or
> forced-execution keys to run only a single command.
>
> ssh-agent allows you to enter a passphrase once, then, using the agent,
> authenticate without having to enter passphrases each time. If you're
> running any modern GNU/Linux under an X session, it's likely already
> running and you just need to ensure you've got a key (ssh-keygen) and
> 'add-key' to activate it.
>
> Using ssh-agent from shell-only or scheduled (cron, at, batch) jobs is
> slightly more complicated, but doable.
>
On the topic of ssh keys, does anyone know if it's possible to create a
key that is restricted to use for scp and can't be used to execute any
commands? I know you can get the same effect by creating a restricted
key that only allows the appropriate 'cat' command and then doing
something like:
cat localfile | ssh remotehost 'sh -c "cat > remotefile"'
but that's a bit messy.
Matt
--
*************************************************
* Matt Roper <matt at mattrope.com> *
* http://www.mattrope.com *
* PGP Key: http://www.mattrope.com/mattrope.asc *
*************************************************
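
An added example, not part of the original thread: one way to approximate an scp-only key is to combine the forced-execution key mentioned above with a wrapper that inspects `SSH_ORIGINAL_COMMAND`. It assumes the classic scp protocol, where the client asks the server to run `scp -t PATH` or `scp -f PATH` (recent OpenSSH clients use SFTP unless given `-O`); the install path `/usr/local/bin/scp-only`, the directory `/srv/upload` and the function names are hypothetical.

```shell
#!/bin/sh
# Forced-command wrapper for an scp-only key (added example; the install
# path and ALLOWED_DIR are assumptions). authorized_keys entry, one line,
# key material is a placeholder:
#   command="/usr/local/bin/scp-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-dss AAAA...PLACEHOLDER
# sshd ignores what the client asked to run, starts this script instead,
# and passes the request in SSH_ORIGINAL_COMMAND.

ALLOWED_DIR=${ALLOWED_DIR:-/srv/upload}

# Return 0 only for "scp -t PATH" (upload) or "scp -f PATH" (download)
# with a single plain PATH below ALLOWED_DIR. Recursive (-r) and
# attribute-preserving (-p) copies are deliberately rejected.
scp_allowed() {
    cmd=$1
    case $cmd in
        "scp -t "*|"scp -f "*) ;;
        *) return 1 ;;
    esac
    path=${cmd#scp -? }
    case $path in
        *[!A-Za-z0-9._/-]*) return 1 ;;  # spaces, quotes, ; | & $ * ? etc.
        *..*) return 1 ;;                # no climbing out of the directory
    esac
    case $path in
        "$ALLOWED_DIR"/?*) return 0 ;;
        *) return 1 ;;
    esac
}

run_forced_command() {
    if scp_allowed "$SSH_ORIGINAL_COMMAND"; then
        # Safe to word-split: the check above left no metacharacters.
        set -- $SSH_ORIGINAL_COMMAND
        exec "$@"
    fi
    echo "this key is restricted to scp under $ALLOWED_DIR" >&2
    exit 1
}

# With no requested command (an interactive login attempt) the script
# simply ends, so the key never yields a shell.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    run_forced_command
fi
```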